Naming Scheme - CARO - Computer Antivirus Research Organization
a rose by another name
What is the issue?
While making sure each virus has the same name across all vendors is impossible, we can at least make sure that the names comply with certain standards. Although others came before, the 1991 standard is widely accepted as the basis for malware naming. That has been superseded by this article.
The following is based on Nick FitzGerald’s paper “A Virus by Any Other Name: Towards the Revised CARO Naming Convention” that was published at AVAR 2002. This is a living document being maintained by all CARO members.
Abstract
The last few years have seen increased calls on antivirus developers to better standardize the names they use for viruses and other malware detected by their products. Surveying the history of antivirus research and product development, the only real attempt to devise a vendor-neutral naming standard was the early CARO Virus Naming Convention, originally drafted in 1991 (and commonly referred to simply as ‘naming.txt’). Although accepted in principle by several influential early antivirus developers, in general, it seems that standard is more observed in the breach. Further, because it has never been formally revised, the original convention was quite outdated and did not address many important naming issues. Many of these issues have seen extensions to accepted naming practice arise in the decade since it was written. This paper will describe recent efforts to extend and formalize the CARO Naming Convention so it can better inform the broad range of naming concerns facing today’s malware researchers. These new naming conventions will also lay the groundwork for future extensions to the naming scheme, as they become necessary. It was hoped the updated naming convention would be ready for presentation at this conference, but a few details are still being hammered out; this paper describes all that has been agreed to date.
Table of Contents
- Rationale for updating the CARO naming convention
- Some history
- So, what’s in a name?
- Let’s start at the very beginning
- That’s easy enough — what’s next?
* <family_name>
* <malware_type>://
* <platform>/
* .<group_name>
* .<infective_length>
* .<sub-variant>[<devolution>]
* <modifiers>
* :<locale_specifier>
* #<packer>
* @‘m’|‘mm’
* !<vendor-specific_comment>
- Specifying multiple values in a single name component
- Considerations when naming malware
- In conclusion
- Appendix A: Annotated list of officially recognized platform names
- Appendix B: Annotated list of currently deprecated platform names