Signature names
Phishing (Signature based)
| Signature name | Sig Type | Description |
| Email.Phishing.Bank | Mail (type 4) | Banks (Halifax, Fifth Third, CitiBank etc.) |
| Email.Phishing.RB | Mail (type 4) | Rapid Block (URL based matches) |
| Email.Phishing.Auction | Mail (type 4) | eBay |
| Email.Phishing.Azon | Mail (type 4) | Amazon |
| Email.Phishing.Pay | Mail (type 4) | PayPal |
| Email.Phishing.Card | Mail (type 4) | Credit Cards (Access/Visa etc.) |
| HTML.Phishing.Bank | HTML (type 3) | Banks (Halifax, Fifth Third, CitiBank etc.) |
| HTML.Phishing.Pay | HTML (type 3) | PayPal |
| HTML.Phishing.Auction | HTML (type 3) | eBay |
| HTML.Phishing.Azon | HTML (type 3) | Amazon |
| HTML.Phishing.Postcard | HTML (type 3) | |
| HTML.Phishing.Card | HTML (type 3) | Credit Cards (Access/Visa etc.) |
| HTML.Trojan.Pcard | HTML (type 3) | |
Phishing (Heuristic based)
| Heuristic name | Description |
| Phishing.Heuristics.Email.SpoofedDomain | URL domain mismatch: the domain shown in the link text differs from the domain in the href |
| Phishing.Heuristics.Email.HexURL | suspicious hexadecimal (%XX) notation in the URL host |
| Phishing.Heuristics.Email.Cloaked.Null | suspicious %00 in URL |
| Phishing.Heuristics.Email.Cloaked.NumericIP | suspicious numeric IP in the href while the link text shows a domain name |
| Phishing.Heuristics.Email.Cloaked.Username | suspicious username (user@host) in http URL |
| Phishing.Heuristics.Email.SSL-Spoof | link text claims https:// but the href is really http:// |
--
SteveBasford - 17 Feb 2007
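The heuristics in the table above are easy to confuse with each other, so here is an added example (not ClamAV's own phishing code, and not part of the original page) that applies each check to the anchors of an HTML mail body and reports the heuristic names that fire. The HTML sample is constructed for the example; `_base_domain` is a deliberately crude stand-in for a public-suffix lookup and is labelled as such.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A domain name or URL appearing in the visible link text.
TEXT_DOMAIN = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
DOTTED_QUAD = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def _base_domain(host):
    """Crude registrable-domain approximation (hypothetical helper):
    the last two labels. A real scanner would consult the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_anchor(href, text):
    """Return the Phishing.Heuristics.Email.* names that fire for one <a> element."""
    hits = []
    href = href.strip()
    parts = urlsplit(href)
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return hits
    host = (parts.hostname or "").lower()
    text_l = text.strip().lower()

    if "%00" in href.lower():                      # Cloaked.Null
        hits.append("Phishing.Heuristics.Email.Cloaked.Null")
    if "%" in parts.netloc:                         # HexURL: %XX inside the host part
        hits.append("Phishing.Heuristics.Email.HexURL")
    if parts.username is not None:                  # Cloaked.Username: http://user@host/
        hits.append("Phishing.Heuristics.Email.Cloaked.Username")
    if "https://" in text_l and scheme == "http":   # SSL-Spoof
        hits.append("Phishing.Heuristics.Email.SSL-Spoof")

    m = TEXT_DOMAIN.search(text)
    if m:
        shown = m.group(1).lower()
        if DOTTED_QUAD.match(host) or host.isdigit():   # Cloaked.NumericIP
            hits.append("Phishing.Heuristics.Email.Cloaked.NumericIP")
        elif _base_domain(shown) != _base_domain(host):  # SpoofedDomain
            hits.append("Phishing.Heuristics.Email.SpoofedDomain")
    return hits


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in a document."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.anchors.append(tuple(self._open))
            self._open = None


def scan_html(html):
    """Map each suspicious href to the list of heuristic names it triggers."""
    p = _AnchorCollector()
    p.feed(html)
    p.close()
    result = {}
    for href, text in p.anchors:
        hits = classify_anchor(href, text)
        if hits:
            result[href] = hits
    return result


# Constructed sample mail body; every address is documentation/test space.
SAMPLE_MAIL = """<html><body>
<p>Please confirm your account:</p>
<a href="http://www.paypal.com@203.0.113.9/login">https://www.paypal.com/cgi-bin/webscr</a><br>
<a href="http://203.0.113.9/halifax/">www.halifax.co.uk</a><br>
<a href="http://%77%77%77.ebay-secure.example/">www.ebay.com</a><br>
<a href="http://example.net/%00/amazon">Click here</a><br>
<a href="https://www.amazon.com/">https://www.amazon.com/</a>
</body></html>"""

if __name__ == "__main__":
    for href, names in scan_html(SAMPLE_MAIL).items():
        print(href, "->", ", ".join(names))
```

The first anchor trips three heuristics at once (Cloaked.Username, SSL-Spoof and Cloaked.NumericIP), which is why the real signatures stay separate rather than collapsing into one "phishing" verdict: each name records a different cloaking trick, and a legitimate same-domain https link such as the last anchor produces no hit at all. Note that the two-label `_base_domain` shortcut treats `halifax.co.uk` and `evil.co.uk` as the same base domain, so a production check needs a proper suffix list.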
I'm trying to put together a small set of very simple rules to help
you... however in no time you'll be able to feel any target by yourself.
SCRIPTS
Coded in Javascript:
You can have one of:
- Trojan.Dropper.JS.NAME (if it drops a file)
- Trojan.Downloader.JS.NAME (if it downloads a file)
- But in most cases it will be:
- Worm.Feebs.X (where X is a letter; you've seen enough Feebs to recognize them now)
Coded in VBS:
One of:
- Trojan.VBS.NAME (a malicious script)
- Worm.VBS.NAME (a mass mailing worm)
- Trojan.Downloader.VBS.NAME
- Trojan.Dropper.VBS.NAME
For MS Office macro malware:
For Word, Excel and Powerpoint respectively you have:
- W97M.NAME
- X97M.NAME
- P97M.NAME
Or, if they're generic (not tied to one Office application):
- O97M.NAME
WINDOWS EXECUTABLES
Coded in Delphi:
- Trojan.Dropper.Delf-XXX
- Trojan.Downloader.Delf-XXX
- (less often) Trojan.Clicker.Delf-XXX
- (for spyware) Trojan.Spy.Delf-XXX
- (or ...) Trojan.Delf-XXX
Bancos are bank-spying trojans popular in Brazil.
Coded in Visual Basic (not scripts or macro):
- Trojan.Clicker.VB-XXX
- Trojan.Downloader.VB-XXX
- Trojan.Dropper.VB-XXX
- Trojan.VB-XXX
(Quite similar to the Delphi names.)
Other info:
- Worm for Internet worms
- Trojan for backdoor programs
- JS for JavaScript malware
- VBS for VBS malware
- W97M, W2000M for Word macro viruses
- X97M, X2000M for Excel macro viruses
- O97M, O2000M for general Office macro viruses
- DoS for Denial of Service attack software
- Exploit for popular exploits
- VirTool for virus construction kits
- Dialer for dialers
- Joke for hoaxes