Getting Started: identify viruses from virus naming

When you use anti-virus software to scan and kill viruses, you will often find some viruses on your computer. They all have a long string of names, such as Worm. padobot. u, Backdoor. RBot. abc, etc. What does it mean? In fact, the virus name already contains the type and characteristics of the virus.
Next we will introduce how to name a virus? Also, let's take a look at the type and characteristics of the virus from the virus name.

Naming rules for viruses

There is no uniform rule for naming viruses. The naming rules of every anti-virus company are not the same, but they are basically named by prefix and suffix, it can be a combination of multiple prefixes and suffixes separated by decimal places. The general format is [prefix]. virus name]. suffix]

1. Virus prefix

A virus prefix is a virus type. The common Trojan virus prefix is "Trojan" and the Worm prefix is "Worm ", other prefixes include "Macro", "Backdoor", and "Script.

2. Virus name

A virus name refers to a virus name. For example, the famous CIH virus, which is consistent with some of its variants, "CIH", and the yundun worm, the virus name is "Sasser ".

3. Virus suffix

A virus suffix is a variant of a virus. It is generally expressed by 26 letters. For example, "Worm. Sasser. c" refers to the Variant c of the Worm. If there are too many virus variants, you can also use a mix of numbers and letters to express the virus variants.

Virus naming explanation

1. Trojan

The prefix of the Trojan is Trojan. A Trojan virus is characterized by a network or system vulnerability that is used to access and hide the user's system and then leak user information to the outside world. General trojans such as QQ message tail Trojan. QQPSW. r, online game Trojan viruses Trojan. StartPage. FH, etc. The PSW or PWD in the virus name indicates that the virus has the function of stealing passwords. All such viruses need special attention.

2. Script Virus

The prefix of the Script virus is Script. A Script virus is a virus that is transmitted through a Web page, such as a red code Script. Redlof. Some script viruses also have prefix such as VBS and HTML, which indicates the script used, such as Happy Time VBS. Happytime and HTML. Reality. D.

3. system viruses

System viruses are prefixed with Win32, PE, Win95, W32, and W95. These viruses can infect and spread *. exe and *. dll files in Windows operating systems. For example, the famous CIH virus is a system virus.

4. macro virus

Macro virus can also be regarded as a type of script virus. Due to its particularity, macro virus is considered as one type. The prefix of Macro virus is Macro. The second prefix includes Word, Word97, Excel, and Excel97. Select the second prefix Based on the infected document type. This virus is characterized by being infected with documents in the OFFICE series and then spread through common OFFICE templates, such as the famous Misha virus Macro. Melissa.

5. Worms

The prefix of the Worm is Worm. This virus can be spread through network or system vulnerabilities. Most worms send emails with viruses to block the network, the viruses that you are familiar with include shock waves and shock waves.

6. bundling machine Virus

The binding machine virus prefix is: Binder. Virus writers use a specific bundle to bundle the virus with some applications (such as QQ and other commonly used software). On the surface, the virus is a normal file, however, when the user runs these applications, the virus files that are bundled together are also run, causing harm to the user. Such as the system killer Binder. killsys.

7. Backdoor Virus

The prefix of the Backdoor virus is Backdoor. This type of virus is characterized by network spreading to open backdoors for the poisoning system, bringing security risks to users' computers. Such as the love backdoor Virus Worm. Lovgate. a/B/c.