
2.6. Annotated List of Officially Recognized Platform Names

The platform names shown in Table 2.1 are the only officially recognized identifiers following the proposed naming standard. A platform name that does not appear on this list cannot be used as a platform identifier in a malware name following this standard. The Comments column helps to explain some of the finer points of platform name selection. This is intended to be an authoritative list at this book's publication date. The platform list will need to be extended in the future.

Table 2.1. Officially Recognized Platform Names

| Short Form | Long Form | Comments |
|---|---|---|
| ABAP | ABAP | Malware for the SAP R/3 Advanced Business Application Programming environment. |
| ALS | ACADLispScript | Malware that requires AutoCAD Lisp Interpreter. |
| BAT | BAT | Malware that requires a DOS or Windows command shell interpreter or close clone. |
| BeOS | BeOS | Requires BeOS. |
| Boot | Boot | Requires MBR and/or system boot sector of IBM PC-compatible hard drive and/or floppy. (Rarely used in practice.) |
| DOS | DOS | Infects DOS COM and/or EXE (MZ) and/or SYS format files and requires some version of MS-DOS or a closely compatible OS. (Rarely used in practice.) |
| EPOC | EPOC | Requires the EPOC OS up to version 5. |
| SymbOS | SymbianOS | Requires Symbian OS (EPOC version 6 and later). |
| Java | Java | Requires a Java run-time environment (standalone or browser-embedded). |
| MacOS | MacOS | Requires a Macintosh OS prior to OS X. |
| MeOS | MenuetOS | Requires MenuetOS. |
| MSIL | MSIL | Requires the Microsoft Intermediate Language runtime. |
| Mul | Multi | This is a pseudo-platform, and its use is reserved for a few very special cases. |
| PalmOS | PalmOS | Requires a version of PalmOS. |
| OS2 | OS2 | Requires OS/2. |
| OSX | OSX | Requires Macintosh OS X or a subsequent, essentially similar version. |
| W16 | Win16 | Requires one of the 16-bit Windows x86 OSes. (Note: Several products use the Win prefix.) |
| W95 | Win95 | Requires Windows 9x VxD services. |
| W32 | Win32 | Requires a 32-bit Windows (Windows 9x, Me, NT, 2000, XP on x86). |
| W64 | Win64 | Requires Windows 64. |
| WinCE | WinCE | Requires WinCE. |
| WM | WordMacro | Macro malware for WordBasic as included in WinWord 6.0, Word 95, and Word for Mac 5.x. |
| W2M | Word2Macro | Macro malware for WordBasic as included in WinWord 2.0. |
| W97M | Word97Macro | Macro malware for Visual Basic for Applications (VBA) v5.0 for Word (that shipped in Word 97) or later. Changes in VBA between Word 97 and 2003 versions (inclusive) are sufficiently slight that we do not distinguish platforms even if the malware makes a version check or uses one of the few VBA features added in versions subsequent to VBA v5.0. |
| AM | AccessMacro | Macro malware for AccessBasic. |
| A97M | Access97Macro | Macro malware for Visual Basic for Applications (VBA) v5.0 for Access that shipped in Access 97 and later. As for W97M, changes in VBA versions between Access 97 and 2003 (inclusive) are insufficient to justify distinguishing the platforms. |
| P98M | Project98Macro | Macro malware for Visual Basic for Applications (VBA) v5.0 for Project that shipped in Project 98 and later. As for W97M, changes in VBA versions between Project 98 and 2003 (inclusive) are insufficient to justify distinguishing the platforms. |
| PP97M | PowerPoint97Macro | Macro malware for Visual Basic for Applications (VBA) v5.0 for Project, which shipped in Project 97 and later. As for W97M, changes in VBA between Project 97 and 2002 inclusive are insufficient to justify distinguishing the platforms. |
| V5M | Visio5Macro | Macro malware for Visual Basic for Applications (VBA) v5.0 for Visio that shipped in Visio 5.0 and later. As for W97M, changes in VBA versions between Visio 5.0 and 2002 inclusive are insufficient to justify distinguishing the platforms. |
| XF | ExcelFormula | Malware based on Excel Formula language that has shipped in Excel since the very early days. |
| XM | ExcelMacro | Macro malware for Visual Basic for Applications (VBA) v3.0 that shipped in Excel for Windows 5.0 and Excel for Mac 5.x. |
| X97M | Excel97Macro | Macro malware for Visual Basic for Applications (VBA) v5.0 for Excel that shipped in Excel 97 and later. As for W97M, changes in VBA versions between Excel 97 and 2002 (inclusive) are insufficient to justify distinguishing the platforms. |
| O97M | Office97Macro | This is a pseudo-platform name reserved for macro malware that infects across at least two applications within the Office 97 and later suites. Cross-infectors between Office applications and related products, such as Project or Visio, can also be labeled thus. |
| AC14M | AutoCAD14Macro | VBA v5.0 macro viruses for AutoCAD r14 and later. As with W97M malware, minor differences in later versions of VBA are insufficient to justify new platform names. |
| ActnS | ActionScript | Requires the Macromedia ActionScript interpreter found in some ShockWave Flash (and possibly other) animation players. |
| AplS | AppleScript | Requires AppleScript interpreter. |
| APM | AmiProMacro | Macro malware for AmiPro. |
| CSC | CorelScript | Malware that requires the CorelScript interpreter shipped in many Corel products. |
| HLP | WinHelpScript | Requires the script interpreter of the WinHelp display engine. |
| INF | INFScript | Requires one of the Windows INF (installer) script interpreters. |
| JS | JScript, JavaScript | Requires a JScript and/or JavaScript interpreter. Hosting does not affect the platform designator: standalone JS malware that requires MS JS under WSH, HTML-embedded JS malware, and JS malware embedded in Windows-compiled HTML help files (.CHM) all fall under this platform type. |
| MIRC | mIRCScript | Requires the mIRC script interpreter. |
| MPB | MapBasic | Requires MapBasic of the MapInfo product. |
| Perl | Perl | Requires a Perl interpreter. Hosting does not affect the platform designator: standalone Perl infectors under UNIX(-like) shells, ones that require Perl under WSH, and HTML-embedded Perl malware all fall under this platform type. |
| PHP | PHPScript | Requires a PHP script interpreter. |
| Pirch | PirchScript | Requires the Pirch script interpreter. |
| PS | PostScript | Requires a PostScript interpreter. |
| REG | Registry | Requires a Windows Registry file (.REG) interpreter. (We do not distinguish .REG versions or ASCII versus Unicode.) |
| SH | ShellScript | Requires a UNIX(-like) shell interpreter. Hosting does not affect the platform name: shell malware specific to Linux, Solaris, HP-UX, or other systems, or specific to csh, ksh, bash, or other interpreters currently all fall under this platform type. |
| VBS | VBScript, VisualBasicScript | Requires a VBS interpreter. Hosting does not affect the platform designator: standalone VBS infectors that require VBS under WSH, HTML-embedded VBS malware, and malware embedded in Windows-compiled HTML help files (.CHM) all fall under this platform type. |
| UNIX | UNIX | This is a common name for binary viruses on UNIX platforms. (More specific platform names are available.) |
| BSD | BSD | Used for malware specific to BSD (-derived) platforms. |
| Linux | Linux | Used for malware specific to Linux platforms and others closely based on it. |
| Solaris | Solaris | Used for Solaris-specific malware. |

