Now, the MMPC sends this new reply to the original request as if the others didn't exist:
I suppose we aren't meant to know or even suspect anything about some. Alas.
What we do know from https://www.microsoft.com/security/portal/mmpc/shared/malwarenaming.aspx?platform=hootsuite is they name the malware and unwanted software that we detect according to the Computer Antivirus Research Organization (CARO) Malware naming scheme.
This scheme uses the following format:
This suffix is apparently called Additional Information:
Additional information
Additional information is sometimes used to describe a specific file or component that is used by another threat in relation to this threat. In the example above, the !lnk indicates that the threat is a shortcut file used by the Trojan:Win32/Reveton.T variant, as shortcut files usually use the extension .lnk.
We also have the "far less than random" listing of those available and their meanings (or lack thereof):
Additional suffixes
.dam: damaged malware
.dll: Dynamic Link Library component of a malware
.dr: dropper component of a malware
.gen: malware that is detected using a generic signature
.kit: virus constructor
.ldr: loader component of a malware
.pak: compressed malware
.plugin: plug-in component
.remnants: remnants of a virus
.worm: worm component of that malware
!bit: an internal category used to refer to some threats
!dha: an internal category used to refer to some threats
!pfn: an internal category used to refer to some threats
!plock: an internal category used to refer to some threats
!rfn: an internal category used to refer to some threats
!rootkit: rootkit component of that malware
@m: worm mailers
@mm: mass mailer worm
At the bottom is a section for feedback. I imagine I might provide some after a while.
I've requested an explanation, but think it may be time to stop pursuing this in this Forum (at least for me). At least we know - even from the latest above - they are suffixes and are used internally (so they must mean something to them and thus can't be completely random) even if we never, ever learn anything further beyond those they did define (so we have no choice at present but to ignore them as internally proprietary and meaningless to us).
Kosh
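Added example, not part of the original post and not Microsoft's code: a small parser that splits a detection name into its parts and looks each suffix up in the listing quoted above, so that unlisted or internal-only suffixes are visibly flagged during triage. The `Type:Platform/Family.Variant` layout is an assumption based on the `Trojan:Win32/Reveton.T` example in the post; the `Example` family names and the function name `parse_detection` are constructed for illustration.

```python
import re

# Suffix meanings exactly as given in the listing quoted in the post.
INTERNAL = "an internal category used to refer to some threats"
SUFFIXES = {
    ".dam": "damaged malware",
    ".dll": "Dynamic Link Library component of a malware",
    ".dr": "dropper component of a malware",
    ".gen": "malware that is detected using a generic signature",
    ".kit": "virus constructor",
    ".ldr": "loader component of a malware",
    ".pak": "compressed malware",
    ".plugin": "plug-in component",
    ".remnants": "remnants of a virus",
    ".worm": "worm component of that malware",
    "!bit": INTERNAL, "!dha": INTERNAL, "!pfn": INTERNAL,
    "!plock": INTERNAL, "!rfn": INTERNAL,
    "!rootkit": "rootkit component of that malware",
    "@m": "worm mailers", "@mm": "mass mailer worm",
}

# Assumed layout: Type:Platform/Family, then tokens starting with '.', '!' or '@'.
NAME_RE = re.compile(
    r"^(?P<type>[^:/]+):(?P<platform>[^/]+)/(?P<family>[^.!@]+)(?P<rest>.*)$")
TOKEN_RE = re.compile(r"[.!@][^.!@]+")

def parse_detection(name):
    """Split a detection name; suffixes are (token, meaning-or-None) pairs."""
    m = NAME_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a Type:Platform/Family name: {name!r}")
    info = m.groupdict()
    rest = info.pop("rest")
    tokens = TOKEN_RE.findall(rest)
    if "".join(tokens) != rest:          # e.g. a trailing bare '!'
        raise ValueError(f"malformed suffix part: {rest!r}")
    info.update(variant=None, suffixes=[])
    for tok in tokens:
        # Case-sensitive lookup (assumption): keeps an uppercase variant
        # such as '.DR' from being read as the '.dr' dropper suffix.
        meaning = SUFFIXES.get(tok)
        if meaning is None and tok[0] == "." and not info["variant"] and not info["suffixes"]:
            info["variant"] = tok[1:]    # first unlisted dotted token = variant
        else:
            info["suffixes"].append((tok, meaning))  # None = not in the listing
    return info
```

A suffix whose meaning comes back as `None` (such as `!lnk`) is one the quoted listing does not define; one that maps to the "internal category" text is listed but carries no public meaning.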