Malwares pattern analyzing

Hey guys,

i am university student and doing research on botnets. i am going to use IDa pro and exeinfo and my own app for analyzing botnets pattern to create profile ( in OS also network). i have one request and one question:

1. why one botnet (for example w32.waledac) got more than one executable file. sometimes hundreds and thousands files in malware collections been labeled with just one name. are those different generations of this botnet? which one have i to analyze and create profile based on its pattern? do they share same behavior? 

 

2. my supervisor got grant and can pay to buy symantec malware pattern profiles. i didnt know where to ask, i need to know the price and any information about that. 

thank you