Password Stealers: Few Names, Many Flavors
Antivirus signature detection isn't one to one - an individual signature is not made for each individual malware sample. One signature can detect multiple threats (indeed, hundreds or even thousands). And this may be generally fine from a detection standpoint. However, depending on how the signature was originally named, it can lead to some confusion about the actual malware at hand. A great example of this is password-stealing Trojans with names such as PWS.Lineage or WoWStealer. The names may lead to the false impression that these password-stealing Trojans are targeting gaming credentials. This misconception can in turn lead to an equally mistaken sense of complacency. After all, if you're running a large corporate network, do you really care about game-targeting Trojans?
You should.
The reality is that most of the password stealers that are actively circulating via the Web allow for custom configuration. Once on the system, the password stealer typically opens a port to listen for remote commands and then downloads a custom configuration file that specifies the information to be harvested. Obviously this can allow for a high degree of focused targeting. So that WoWStealer Trojan could just as easily be stealing network login credentials, sensitive corporate information, or pretty much any other data the attacker desires (and it probably is).
In other words, don't be fooled by the name. It too often has little bearing on what the malware actually does or can do.
If you want to check your logs, here are some of the more common update domains observed by ScanSafe STAT:
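One way to run the log check the post suggests, as an added example that is not part of the original post: it refangs an hxxp:// indicator list into bare hostnames and reports which internal clients contacted a listed update host in Squid-style proxy logs. The indicator values and log lines below are constructed placeholders, not the indicators from the post.

```python
import re

# Indicator list in the defanged "hxxp://" form used in the post.
# Constructed placeholder values, not the post's indicators.
DEFANGED_INDICATORS = [
    "hxxp://www.example-update.test/",
    "hxxp://update.example.test",
    "hxxp://192.0.2.10",
]

# Constructed Squid-style access log lines:
# time elapsed client action/code size method URL user hierarchy type
SAMPLE_LOG = [
    "1262304000.123    45 10.0.0.5 TCP_MISS/200 512 GET http://www.example.com/index.html - DIRECT/203.0.113.1 text/html",
    "1262304001.456    30 10.0.0.7 TCP_MISS/200 1024 GET http://update.example.test/cfg.txt - DIRECT/192.0.2.10 text/plain",
    "1262304002.789    12 10.0.0.9 TCP_TUNNEL/200 0 CONNECT 192.0.2.10:443 - DIRECT/192.0.2.10 -",
]

def refang_host(indicator: str) -> str:
    """Reduce a defanged URL (or a log URL / host:port) to a bare lowercase host."""
    s = indicator.strip().lower()
    for prefix in ("hxxps://", "hxxp://", "https://", "http://"):
        s = s.replace(prefix, "")
    s = s.replace("[.]", ".")
    return s.split("/", 1)[0].split(":", 1)[0]  # drop path and port

def host_variants(host: str) -> set:
    """Match both the bare domain and its www. form; IP literals get no variant."""
    if host.replace(".", "").isdigit():
        return {host}
    return {host, host[4:]} if host.startswith("www.") else {host, "www." + host}

def build_watchlist(indicators) -> set:
    watch = set()
    for ind in indicators:
        watch |= host_variants(refang_host(ind))
    return watch

LOG_RE = re.compile(r"^(\S+)\s+\d+\s+(\S+)\s+\S+\s+\d+\s+(\S+)\s+(\S+)")

def find_hits(log_lines, watchlist) -> list:
    """Return one record per log line whose destination host is on the watchlist."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, client, method, url = m.groups()
        host = refang_host(url)  # also handles CONNECT's host:port form
        if host in watchlist:
            hits.append({"time": ts, "client": client, "method": method, "host": host})
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG, build_watchlist(DEFANGED_INDICATORS)):
        print(f"{hit['time']} {hit['client']} -> {hit['host']} ({hit['method']})")
```

Clients listed in the output are the hosts to pull for investigation; a hit on a configuration-download URL is the stealer fetching its targeting instructions.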

Mary Landesman