A project focused on automating the process of classifying malicious software found that many programs have similar ancestors but that the names assigned by security firms don’t always highlight common code. The project, pursued over the past few weeks by Sabre Security, used the company’s reverse engineering tool to identify the functional components in more than 200 samples of malicious code. Using a clustering algorithm, the samples were classified into code families, forming two large clusters, three smaller ones and several pairs of siblings and outliers.