What does the name of the virus tell you?

Have you ever wondered what the names of commonly seen viruses mean? Why do companies that develop antivirus programs give different names when the viruses they discover are the same?

Subject: What does the name of the virus tell you?
Compiled by: Kitisak Jirawankul and Manatchaya Chomthawat
Source: ThaiCERT: Thai Computer Emergency Response Team, Computer Security Coordination Center, Thailand
Published on: 27 February 2003

Have you ever wondered what the names of commonly seen viruses mean? Why do companies that develop antivirus programs give different names to the same virus? Although the names are written differently and do not match letter for letter, they carry the same meaning. For example: W32.Klez.h@mm, W32/Klez.h@MM, WORM_KLEZ.H, I-Worm.Klez.h, etc. This article explains the different parts of a virus name so that readers can tell from the name the type of virus, its notable capabilities, and how it spreads.

A virus name can be divided into the following parts:

Figure 1: The components of a virus name

1. Family name (Family_Names). The first part shows the family the virus belongs to. Most family names are based on the type of problem the virus causes or the language used to develop it, for example a Trojan horse developed with Visual Basic Script, or a virus that runs on 32-bit Windows operating systems. The family names of viruses discovered so far are listed in Table 1.

| Family_Names | Meaning |
|---|---|
| WM | Word macro virus |
| W97M | Word 97 macro virus |
| XM | Excel macro virus |
| X97M | Excel 97 macro virus |
| W95 | Viruses that affect the Windows 95 operating system |
| W32/Win32 | Viruses affecting Windows 32-bit operating systems |
| WNT | Virus affecting Windows NT 32-bit operating system |
| I-Worm/Worm | Internet worm |
| Trojan/Troj | Trojan horse |
| VBS | Virus developed with Visual Basic Script |
| AOL | America Online Trojan horse |
| PWSTEAL | Trojan horse with the ability to steal passwords |
| Java | Virus developed in Java |
| Linux | Viruses affecting the Linux operating system |
| Palm | Viruses that affect the Palm OS operating system |
| Backdoor | Allows intruders to gain access to the machine |
| HILLW | Indicates that the virus was compiled in a high-level language |

Table 1: Virus families

2. Virus name (Group_Name). This is the original name given by the virus's author, which is usually embedded in the virus code. This part is also used as a nickname for the virus. For example, the virus W32.Klez.h@mm is referred to as Klez.h, which is shorter and more concise.

3. Variant. This part identifies the strain of the virus: a strain that has been modified until its capabilities differ from those of the existing strain. There are two kinds of variant:

  • Major_Variants follow the name of the virus and indicate strains that are clearly different. For example, the worm named VBS.LoveLetter.A (A is the Major_Variant) is clearly different from VBS.LoveLetter.
  • Minor_Variants are sometimes used to indicate strains that differ only slightly. The minor variant is a number that indicates the file size of the virus. For example, W32.Funlove.4099 is a worm with a size of 4099 KB.

4. Tail (Tail). This part tells how the virus spreads. It consists of:

  • @M or @m indicates that the virus or worm is a "mailer": it sends itself via e-mail only when the user sends e-mail.
  • @MM or @mm indicates that the virus or worm is a "mass-mailer": it sends itself to every e-mail address in the mailbox.

Example: the name W32.HILLW.Lovgate.C@mm shows that the virus

  • belongs to the family affecting Windows 32-bit operating systems and is compiled in a high-level language
  • is named Lovgate
  • is variant C
  • can spread via e-mail to all e-mail addresses in the mailbox

As the components described above show, a virus name can indicate the type of virus, the original name given by its author, the strain that has been developed further, and how the virus spreads.
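
The decomposition described above can be written as a small Python parser, useful when correlating detections reported under different vendor names. This is an added example, not code from ThaiCERT or any antivirus vendor; the function names `parse_virus_name` and `same_virus` are hypothetical, and treating `/` and `_` as separators equivalent to `.` is an assumption based on the four Klez names quoted in this article.

```python
import re

# Family prefixes from Table 1, keyed in lower case for case-insensitive lookup.
FAMILIES = {
    "wm": "Word macro", "w97m": "Word 97 macro", "xm": "Excel macro",
    "x97m": "Excel 97 macro", "w95": "Windows 95", "w32": "Windows 32-bit",
    "win32": "Windows 32-bit", "wnt": "Windows NT 32-bit",
    "i-worm": "Internet worm", "worm": "Internet worm",
    "trojan": "Trojan horse", "troj": "Trojan horse",
    "vbs": "Visual Basic Script", "aol": "America Online Trojan horse",
    "pwsteal": "password-stealing Trojan horse", "java": "Java",
    "linux": "Linux", "palm": "Palm OS", "backdoor": "backdoor",
    "hillw": "compiled in a high-level language",
}
TAILS = {"m": "mailer", "mm": "mass-mailer"}


def parse_virus_name(name):
    """Split a detection name into family, group, variant and tail parts."""
    body, _, tail = name.strip().partition("@")
    if tail and tail.lower() not in TAILS:
        raise ValueError(f"unknown tail {tail!r} in {name!r}")
    # Assumption: '/' and '_' separate parts the same way '.' does.
    tokens = [t for t in re.split(r"[./_]", body) if t]
    families = []
    # A name may carry several family prefixes, as in W32.HILLW.Lovgate.
    while tokens and tokens[0].lower() in FAMILIES:
        families.append(FAMILIES[tokens.pop(0).lower()])
    if not tokens:
        raise ValueError(f"no group name found in {name!r}")
    group, rest = tokens[0], tokens[1:]
    return {
        "families": families,
        "group": group,
        # Letters after the group name are the major variant ...
        "major_variant": next((t.upper() for t in rest if not t.isdigit()), None),
        # ... and a number is the minor variant (the file size).
        "minor_variant": next((int(t) for t in rest if t.isdigit()), None),
        "spread": TAILS.get(tail.lower()),
    }


def same_virus(a, b):
    """True when two vendor names agree on group name and major variant."""
    pa, pb = parse_virus_name(a), parse_virus_name(b)
    key = lambda p: (p["group"].lower(), p["major_variant"])
    return key(pa) == key(pb)
```

`same_virus` compares only the group name and major variant, so it ignores vendor-specific family prefixes and tails.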