Variant

Individual piece of malware, sub-unit of a family

Most types of malware are subdivided into a number of families, or groups sharing many similarities, generally based on the same blocks of code and sharing similar behaviours. Within a family, a variant signifies a single individual item that is uniquely different from other members of the same family.

Variant names as displayed by anti-malware products are usually signified by letters or numbers appended after the family name - in older viruses, the length of the virus code in bytes was often adequate to distinguish it from other variants, while in recent times items tend to be given code letters from A to Z (continuing through AA to ZZ, and even AAA to ZZZ in the case of larger families), based on the order in which variants are analysed and named by virus labs.

This leads to considerable divergence in variant naming between anti-malware products, even where the family names are the same, and makes resources such as VGrep invaluable for cross-referencing purposes.

Glossary


	Similar entries Emulation Family Generic detection Sandbox(ing) Signature Unpacking Virtualisation See also Glossary Resources

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

Jobs


	In Virus Bulletin's jobs pages among others: Software Designers (Gothenburg, Sweden) Senior Research Scientist (Singapore, Singapore)

Virus Bulletin currently has 224,238 registered users.

Fighting malware and spam

Variant

See also