The term Threat Platform is used to refer to the operating system or application on which a malicious program operates.
To indicate the platform a malware will operate on, F-Secure uses a platform designator in the detection name for the malware. For example, the detection for the notorious Downadup worm (also known as Conficker) is:
Where 'W32' is the platform designator, and indicates that the malicious program 'Downadup' is designed to work on machines running the 32-bit Windows operating system.
Most malicious programs are designed to function on only one platform, as they must target and exploit specific files or vulnerabilities unique to a particular operating system or application. Some malware is even more specific: it can only run if a specific application is installed on a specific operating system.
Occasionally, a malware is found that is sophisticated enough to operate on more than one platform, but these are still relatively rare.
Listed below are some of the most common platforms targeted by malware.
Macro malware for VBA in Access 97 or later
Malware that runs on the Android OS
Malware or exploits that use AutoCAD
Malware that requires DOS, Windows or NT command interpreter or clone (4DOS, 4NT)
Malware that resides in the Master Boot Record or DOS Boot Sector
Malware that runs on Chrome OS
VBA macro malware for Corel Draw! v 9.0 or later
Malware for CorelScript interpreter in many Corel products
Infects DOS COM, EXE (MZ) or SYS files and requires some version of MS-DOS or clone
Malware for WinHelp. Note: JS and VBS script malware embedded in HTML and CHM files should use the JS or VBS platform
For files that only contain a malicious iframe and cannot be classified as JS, PHP or other script
Malware for IDA Pro
Malware that uses Windows INF files
Malware for mIRC INI files
Malware that runs on the iPhone platform
Malware for .NET platform
Malware for Java runtime environment (standalone or browser-embedded)
Malware that runs on any Linux distribution
Malware that runs on MacOS prior to OSX
Malware that spreads via Multimedia Messaging System (MMS) messages
For malware that infects at least two applications within the Office 97 suite or later. Also includes related products (Visio, Projects)
Malware that runs on OS/2
Malware that runs on Mac OSX
Malware for VBA in Project 98 or later
Malware for PalmOS
Malware that requires a Perl interpreter, including those under WSH and HTML-embedded Perl malware
Malware for PHP script
Macro malware for VBS in PowerPoint 97 or later
Macro malware for VBS in Publisher 97 or later
Malware in Windows Registry file format
Malware that requires a Unix(-like) shell script interpreter. Hosting does not affect the platform name. Shell malware specific to Linux, Solaris, HP-UX or other Unices, or specific to csh, ksh, bash, tcsh or other interpreters all fall under this platform name.
Malware that spreads via Short Messaging System (SMS) messages
Malware for Solaris
Malware for Symbian OS
Malware for Microsoft Silverlight
Malware for Macromedia Flash
Malware that runs on Unix, ELF file infectors etc
Malware for the Visual Basic Script interpreter. Hosting does not affect the platform designator. Standalone VBS infectors that require VBS under WSH, HTML-embedded VBS malware, and malware embedded in Windows compiled HTML help files (CHM), all fall under this platform type.
Malware for 16-bit Windows (native executables)
Malware for 32-bit Windows (native executables)
Malware for 64-bit Windows (native executables)
Malware for 128-bit Windows (native executables)
Macro malware for VBA in Word 97 or later
Malware for PocketPC (Windows CE)
Malware for WinHex
Windows Media Audio (WMA) usually disguised as mp3, that when loaded or played, will redirect to a site that tells the user to download and install a malicious codec to hear the audio
Windows Media Video (WMV) usually disguised as avi, that when loaded or played, will redirect to a site that tells the user to download and install a malicious codec to view the video
Macro malware for VBA in Excel 97 or later
About Detection Names
A quick guide to Detections - why they are important, how they work and how to read them. Also includes Generic Detections and how they differ from traditional Detections.