Merge pull request #3714 from diannegali/docs-editor/malware-naming-1746803711

Update malware-naming.md

Author: diannegali

unified-secops-platform/malware-naming.md

@@ -1,6 +1,5 @@
 ---
 title: How Microsoft names malware
-ms.reviewer: 
 description: Understand the malware naming convention used by Microsoft Defender Antivirus and other Microsoft antimalware.
 ms.service: unified-secops-platform
 ms.localizationpriority: medium
@@ -12,7 +11,7 @@ ms.collection:
 - must-keep
 ms.topic: reference
 search.appverid: met150
-ms.date: 01/29/2024
+ms.date: 05/09/2025
 ---
 
 # Malware names
@@ -25,30 +24,24 @@ When our analysts research a particular threat, they determine what each of the
 
 ## Type
 
-Describes what the malware does on your computer. Worms, viruses, trojans, backdoors, and ransomware are some of the most common types of malware.
+Type describes what the malware does on your computer. The following are the different types of malware that Microsoft products detect.
+
+### Malware
+
+Following are the types of malware that Microsoft detects. To know more about how Microsoft defines malware, see [How Microsoft identifies malware and potentially unwanted applications - Malware](criteria.md#malware).
+
 ```
-* Adware
 * Backdoor
-* Behavior
-* BrowserModifier
 * Constructor
 * DDoS
 * Exploit
 * HackTool
 * Joke
-* Misleading
-* MonitoringTool
-* Program
 * Password Stealer (PWS)
 * Ransom
-* RemoteAccess
 * Rogue
-* SettingsModifier
-* SoftwareBundler
 * Spammer
 * Spoofer
-* Spyware
-* Tool
 * Trojan
 * TrojanClicker
 * TrojanDownloader
@@ -59,6 +52,52 @@ Describes what the malware does on your computer. Worms, viruses, trojans, backd
 * Virus
 * Worm
 ```
+
+### Unwanted software
+
+Following are the types of unwanted software that Microsoft products detect. For more information on what unwanted software is and what is classified as unwanted software, see [Unwanted software](criteria.md#unwanted-software).
+
+```
+* Adware
+* BrowserModifier
+* Misleading
+* MonitoringTool
+* Program
+* SoftwareBundler
+* UwS
+```
+
+### Potentially unwanted applications
+
+Following are the types of potentially unwanted applications (PUAs) that Microsoft products detect. To know what PUAs are, see [Potentially unwanted application (PUA)](criteria.md#potentially-unwanted-application-pua).
+
+```
+* PUA
+* App
+* PUAAdvertising
+* PUATorrent
+* PUAMiner
+* PUAMarketing
+* PUABundler
+* PUADlManager
+```
+### Tampering software
+
+Tampering software, detected as ***Tampering** are tools that can lower device security. To know more, see [Tampering software](criteria.md#tampering-software).
+
+### Vulnerable software
+
+Following are the types of vulnerable software that Microsoft products detect. Know more about this detection in [Vulnerable software](criteria.md#vulnerable-software).
+
+```
+* Vulnerable
+* VulnerableDriver
+```
+
+### Other malware types
+
+Microsoft also detects ***Behavior** and ***Tool** types of malware.
+
 ## Platforms
 
 Platforms guide the malware to its compatible operating system (such as Windows, macOS, and Android). The platform's guidance is also used for programming languages and file formats.
@@ -157,29 +196,8 @@ Grouping of malware based on common characteristics, including attribution to th
 
 ## Variant letter
 
-Used sequentially for every distinct version of a malware family. For example, the detection for the variant **".AF"** would have been created after the detection for the variant **".AE"**.
+Used sequentially for every distinct version of a malware family. For example, the detection for the variant **".AF"** is created after the detection for the variant **".AE"**.
 
 ## Suffixes
 
-Provides extra detail about the malware, including how it's used as part of a multicomponent threat. In the preceding example, **"!lnk"** indicates that the threat component is a shortcut file used by Trojan: **Win32/Reveton.T**.
-```
-* .dam: damaged malware
-* .dll: Dynamic Link Library component of a malware
-* .dr: dropper component of a malware
-* .gen: malware that is detected using a generic signature
-* .kit: virus constructor
-* .ldr: loader component of a malware
-* .pak: compressed malware
-* .plugin: plug-in component
-* .remnants: remnants of a virus
-* .worm: worm component of that malware
-* !bit: an internal category used to refer to some threats
-* !cl: an internal category used to refer to some threats
-* !dha: an internal category used to refer to some threats
-* !pfn: an internal category used to refer to some threats
-* !plock: an internal category used to refer to some threats
-* !rfn: an internal category used to refer to some threats
-* !rootkit: rootkit component of that malware
-* @m: worm mailers
-* @mm: mass mailer worm
-```
+A suffix that begins with **!** is an indicator used by Microsoft internally.