病毒的名称告诉你什么?
Have you ever wondered what the names of commonly seen viruses mean? Why do companies that develop antivirus programs give different names when the viruses they discover are the same?
病毒的名称告诉你什么?
Have you ever wondered what the names of commonly seen viruses mean? Why do companies that develop antivirus programs give different names when the viruses they discover are the same?
Subject: What does the name of the virus tell you?
Compiled by : Kitisak Jirawankul and Manatchaya Chomthawat
Source : ThaiCERT: Thai Computer Emergency Response Team, Computer Security Coordination Center, Thailand
Published on : 27 February 2003
Have you ever wondered what the names of commonly seen viruses mean? Why do companies that develop antivirus programs give different names when the viruses they discover are the same? However, even though names are written differently, not every letter is the same. But the translated meaning of the name is the same. For example: W32.Klez.h@mm W32/Klez.h@MM WORM_KLEZ.H I-Worm.Klez.h< /b> etc. This article explains the different parts of a virus name so that readers can distinguish the type of virus from the name of the virus. Outstanding abilities as well as how the virus can spread
The components of the virus name can be divided into parts. As follows
Figure 1 Shows the various components of the virus name
1. The first section shows the family name of the virus. (Family_Names) Most are based on the type of problem the virus causes. or the language used for development, such as a Trojan horse developed with Visual Basic scripts or a virus that runs on a 32-bit Windows operating system, etc. The names of the families of viruses currently discovered are as shown in Table 1
| Family_Names |
Meaning
|
| WM | Viruses that are program macros Word |
| W97M | Word 97 macro virus |
| XM | Viruses that are program macros Excel |
| X97M | Excel 97 macro virus |
| W95 | Viruses that affect the Windows operating system. 95 |
| W32/Win32 | Viruses affecting Windows 32-bit operating systems |
| WNT | Virus affecting Windows NT 32-bit operating system |
| I-Worm/Worm | Internet worm |
| Trojan/Troj | Trojan horse |
| VBS | Virus developed with Visual Basic Script |
| AOL | Trojan horse America Online |
| PWSTEAL | Trojan horse with the ability to steal passwords |
| Java | Virus developed in Java |
| Linux | Viruses affecting the Linux operating system |
| Palm | Viruses that affect the Palm OS operating system |
| Backdoor | Allows intruders to gain access to the machine |
| HILLW | Indicates that the virus was compiled in a high-level language. |
Table 1 List virus families
2. The name of the virus (Group_Name) It's the original name given by the virus' author. They are usually inserted into virus code. And in this part, the name of the virus will be called like a nickname. For example, the name of the virus is W32.Klez.h@mm and will be called Klez.h To make it shorter and more concise
3. Variant part This section details the strain of that virus. The breed has been improved until it has different abilities from the existing breed. The variant has 2 characteristics:
- Major_Variants will follow the name of the virus. to indicate that they are clearly different, for example the worm named VBS.LoveLetter.A (A is Major_Variant) is different from BS.LoveLetter clearly
- Minor_Variants Minor_Variant is sometimes used to indicate slightly different cases. It is a number that indicates the file size of the virus. For example: W32.Funlove.4099 This worm has a size of 4099 KB.
4. The tail (Tail) is the part that tells how to spread. Consists of
- @M or @m tells you what kind of virus or worm this is. "mailer" To send itself via e-mail only when the user sends e-mail.
- @MM or @mm tells you what kind of virus or worm this is. "mass-mailer" to send itself through every e-mail address in the mailbox
Example W32.HILLW.Lovgate.C@mm shows that
- Belongs to the family affecting Windows 32-bit operating systems and is compiled in a high-level language.
- The name of the virus is Lovgate
- with variant is C
- has the ability to spread via e-mail to all e-mail addresses in the mailbox
From the components of the virus name described above. As you can see, the name of the virus can indicate the type of virus. The original name of the virus given by its author. Various species of viruses that are further developed and how the virus itself spreads