Ever wondered where computer viruses get their names from?

By on

This article is part of Security Month, a month-long TECHGEEK.com.au initiative to have a look at the security industry and the entire subject as a whole.

This guest post was written by Catalin Cosoi, BitDefender senior antispam researcher.

Anyone who has ever created something new is granted the right to name it. However, given that computer viruses are born with the purpose of underhand destruction and disruption, they are perhaps an exception to the norm. Why would any virus creator in their right mind want to drop any hints via their virus’s name that may incriminate them? Further, why would we want to give them the glory or the limelight?

Which begs the question, how do computer viruses get their names? The short answer: there is no unanimous way to classify viruses and their names but in order to raise the general awareness of viruses, more familiar terms are often chosen.

Taking cue from how the threat spreads

There are a number of ways in which viruses can be spread, including social networks, website links using names of well known personalities, pictures of events and enticing email messages. Viruses named by their spreading method include the Koobface worm, which is actually an anagram of Facebook, its distribution vector. Another example is Vundo, a Trojan that was named after Virtual Mundo, which then spread amongst the online community.

Don’t look inside

Some viruses are named after the content that they purported to contain, tricking people into downloading attachments which turn out to be malicious code. For example, the ‘Kournikova virus’ was named after illicit emails that tricked people into opening pictures of the tennis player. Viruses can also take their names from events and catastrophes that were used in email subject lines. For example, the name for the ‘Storm worm’ was coined from the message it contained: “230 dead as storm batters Europe”. And remember the ILOVEYOU worm that spread like wildfire? The reason it was so successful (for lack of a better word) was the way in which it appealed to our emotions with the words “I love you” as the subject line, and an enticing attachment entitled ‘Love letter for you.txt’.

Signed, yours truly

Some cybercriminals have a penchant for inserting phrases that will be displayed on your screen if you are infected. Or, they will embed phrases, slogans, or symbols that represent their ‘signature’ inside the code of the malware. Pieces of malware that display these characteristics are then usually named after these ‘signatures’. For example, the Witty worm’s name originated from the phrase “(^.^) Insert witty message here (^.^)”, which would appear on screen once your PC was infected.

Happy birthday? Clearly not

Viruses do not necessarily become active immediately after your system becomes infected. Sometimes, they can remain dormant until a specified date chosen by the virus writer, on which they will become active on infected machines. The date chosen can carry significance, for example the Michelangelo virus remained dormant until March 6th, the Renaissance artist’s birthday.

Viruses: expressive creatures

Malware writers can be an expressive bunch, christening their creations with names that reflect personal experiences or with a play on words that reflect the intent and purpose of the threat. Conficker is an excellent illustration of word play. The worm was first detected in November 2008 and has since affected seven million government, business and home computers in over 200 countries, making it the most notorious online threat in history. Conficker combines the German verb ‘ficken’ (to fornicate) with ‘con’ which, in Latin, means ‘with’. The infamous Melissa virus, on the other hand, was created and allegedly named after a lap dancer that programmer David L. Smith met in Florida, which spread via email in the form of infected Microsoft Word documents.

Naming names – exceptions to the rule

Even though malware authors usually try hard to remain anonymous in order to protect themselves from authorities, there have been a few viruses which have been named after their creators. The Samy worm and the CIH virus were classic examples – with the former named after its creator Samy Kumar, whilst CIH was named from initials of its author, Chen Ing Hau.

So what’s the constant in all of this? No matter how or where viruses and other forms of malware get their names from, they have been designed for the purpose of stealing sensitive and important information. In order to safeguard your PC and your data always keep the following advice in mind:

  1. Never open attachments or download files that are sent from an unknown contact, at least until the file is scanned with a complete antimalware solution.
  2. Be vigilant of messages sent via social media including Facebook, Twitter and instant messenger clients if the message isn’t something you would usually receive from that particular person – particularly if it contains a link prompting you to ‘check out’ photos, funny videos, etc.
  3. Hackers and malware writers are increasingly exploiting the anonymity of shortened URLs to lure people into visiting infected websites. To make sure you don’t fall for the same trap, check the link at http://saf.li, a URL shortener that also scans for malware and viruses using BitDefender’s scanning engine.
  4. Most of all, you should install an antimalware solution and ensure that it is regularly updated.

Did you know, we have a competition running? You can actually win a copy of BitDefender Total Security 2010 (rrp $105). Yes. How to enter? Well, click this link to find out more.

Image from: ines/stock.xchng