Current status of the CARO malware naming scheme

Dr Vesselin Bontchev FRISK Software International

  download slides (PDF)

The CARO malware naming scheme was created almost 15 years ago. To this date, it remains the naming scheme that is the most widely used in anti-virus products – despite being criticized from left and right and despite the fact that no product has absolute compliance with it. One of the often-heard criticisms is that detailed documentation of the up-to-date status of the scheme is difficult to find and that this hampers the scheme’s popularity. This paper attempts to solve this problem. It documents the CARO malware-naming scheme completely, including the recently introduced changes. It will be made freely available on the web and will be continuously updated as new changes are introduced. Its purpose is to serve as an easily and publicly accessible documentation of the latest state of the CARO Malware Naming Scheme.



twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.