A description of the virus naming rules

Source: Internet
Author: User

Often, when anti-virus software scans our machines, it reports names such as backdoor.rmtbomb.12 or trojan.win32.sendip.15: strings of English words with numbers attached. Faced with such a long name, some people are baffled: how am I supposed to know what kind of virus this is?

In fact, once we know some of the virus naming rules, we can use the virus name in the anti-virus report to determine some of the virus's general characteristics.

There are a great many viruses in the world, so for ease of management anti-virus companies classify and name them according to their characteristics. Although each company's naming rules differ somewhat, they generally follow a common naming scheme.

The general format is: `<virus prefix>.<virus name>.<virus suffix>`

The virus prefix indicates the type of virus and is used to tell the broad categories of virus apart. Different kinds of virus have different prefixes. For example, the common Trojan virus has the prefix Trojan, a worm has the prefix Worm, and so on.

The virus name refers to the family characteristics of a virus and is used to distinguish and identify the virus family. For example, the family name of the once-famous CIH virus is uniformly "CIH", and the family name of the recently much-discussed "Oscillation Wave" worm is "Sasser".

The virus suffix identifies a variant and is used to distinguish a particular variant within a virus family. It is generally one of the 26 letters of the English alphabet: worm.sasser.b, for example, is variant B of the Oscillation Wave worm, so it is usually called "Oscillation Wave B variant" or "Oscillation Wave variant B". If a virus has very many variants (which also shows that the virus is hardy ^_^), a variant can be denoted by a combination of numbers and letters.

To sum up, the prefix is very helpful for quickly determining which type a virus belongs to. Knowing the type gives you a rough assessment of the virus (this does, of course, require accumulated knowledge of the common virus types, which is not covered in this article). With the virus name we can look up further information to learn the detailed characteristics of the virus. The virus suffix tells us which variant of the virus is on the machine.

Some of the common virus prefixes are explained below (for the Windows operating system that we use most):

1. System virus

The prefixes of system viruses are: Win32, PE, Win95, W32, W95, and so on. The general characteristic of these viruses is that they infect the *.exe and *.dll files of Windows operating systems and propagate through those files. The CIH virus is an example.

2. Worm virus

The worm prefix is: Worm. The general characteristic of this kind of virus is that it spreads through the network or through system vulnerabilities, and most worms send out virus-laden e-mail or congest the network. Examples are "Shock Wave" (congests the network) and "Small Mailman" (sends virus-laden mail).

3. Trojan virus, Hacker virus

The Trojan virus prefix is: Trojan; the hacker virus prefix is generally Hack. The general characteristic of a Trojan virus is that it enters the user's system through the network or a system vulnerability and hides there, then leaks the user's information to the outside. A hacker virus, by contrast, has a visual interface and can remotely control the user's computer. Trojans and hacker viruses often appear in pairs: the Trojan is responsible for intruding into the user's computer, and the hacker virus then exercises control through the Trojan. These two types are now becoming more and more integrated. Common Trojans include the QQ message-tail Trojan trojan.qq3344 and the online-game Trojans that people probably encounter more often, such as trojan.lmir.psw.60. In addition, PSW or PWD in a virus name generally means that the virus has a password-stealing function (these letters are generally abbreviations of the English word "password"). Some hacker programs: Network Beikewen (Hack.Nether.Client) and so on.

4. Script virus

The script virus prefix is: Script. The general characteristic of a script virus is that it is written in a scripting language and spreads through web pages, such as the Red Code (SCRIPT.REDLOF). Script viruses may also carry the prefixes VBS or JS (indicating which scripting language was used), such as Happy Hour (VBS.HappyTime), 14th (JS.FORTNIGHT.C.S) and so on.

5. Macro virus

A macro virus is in fact also a script virus, but because of its special nature it is treated here as a class of its own. The macro virus prefix is: Macro, and the second prefix is one of Word, Word97, Excel, Excel97 (and perhaps others). A virus that infects only Word 97 and earlier versions of Word documents uses Word97 as the second prefix, in the form Macro.Word97. A virus that infects only versions of Word documents later than Word 97 uses Word as the second prefix, in the form Macro.Word. A virus that infects only Excel 97 and earlier versions of Excel documents uses Excel97 as the second prefix, in the form Macro.Excel97. A virus that infects only versions of Excel documents later than Excel 97 uses Excel as the second prefix, in the form Macro.Excel, and so forth. The general characteristic of this kind of virus is that it infects Office documents and then propagates through Office's general templates, such as the famous Melissa (Macro.melissa).

6. Backdoor virus

The prefix of the backdoor virus is: Backdoor. The general characteristic of this kind of virus is that it spreads through the network and opens a backdoor into the system, creating a hidden security risk for the user's computer. An example is the IRC backdoor Backdoor.ircbot, which many people have encountered.

7. Virus planting program virus

The general characteristic of such viruses is that, when run, they release one or several new viruses from their own body into the system directory, and the damage is then done by the newly released viruses. Examples: Glacier Planter (dropper.binghe2.2c), MSN Shooter (Dropper.Worm.Smibag) and so on.

8. Destructive program virus

The prefix of the destructive program virus is: Harm. The general characteristic of such viruses is that they use an attractive icon to entice users to click, and when a user clicks on one, the virus directly damages the user's computer. Examples: Format C disk (HARM.FORMATC.F), Killer Command (Harm.Command.Killer) and so on.

9. Joke virus

The joke virus prefix is: Joke. These are also known as prank viruses. The general characteristic of this type of virus is that it too uses an attractive icon to entice users to click. When a user clicks on one, the virus puts on a show of various destructive operations to scare the user, but in fact it does no damage to the user's computer. Example: the Female Ghost (joke.girlghost) virus.

10. Bundle Machine Virus

The prefix for the bundle virus is: Binder. The general characteristic of this type of virus is that its author uses a specific bundling program to bind the virus to an application such as QQ or IE, so that on the surface it looks like a normal file. When the user runs the bundled file, the application runs in plain view while the virus bundled with it runs hidden, thereby causing harm to the user. Examples: Bundled QQ (Binder.QQPass.QQBin), System Killer (Binder.killsys) and so on.

The above are the more common virus prefixes. Sometimes we will see others, but they are relatively rare, so they are only mentioned briefly here:

DoS: carries out DoS attacks against a host or server;

Exploit: spreads itself automatically by overflowing a vulnerability in another system or in its own system, or is itself an overflow tool used for hacking;

HackTool: a hacking tool that may not damage your machine itself, but can be used by others to make you a stand-in for attacking someone else.

Once a virus has been detected, you can use the methods above to determine its basic characteristics, and so know your enemy. When the anti-virus software cannot remove it automatically and you intend to remove it by hand, this information will be a great help.
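The naming scheme described above can be applied mechanically when triaging scanner output. The following parser is an added example, not code from the original article or from any anti-virus vendor: it splits a detection name into type, family and variant using only the prefixes listed on this page. The treatment of stacked prefixes (such as trojan.win32) and the accepted variant shapes are assumptions.

```python
import re

# Prefix table from the article; matched case-insensitively because
# detection names vary in case between products.
PREFIXES = {
    **dict.fromkeys(["win32", "pe", "win95", "w32", "w95"], "system virus"),
    **dict.fromkeys(["script", "vbs", "js"], "script virus"),
    "worm": "worm", "trojan": "trojan", "hack": "hacker program",
    "macro": "macro virus", "backdoor": "backdoor", "dropper": "dropper",
    "harm": "destructive program", "joke": "joke program",
    "binder": "binder", "dos": "DoS tool", "exploit": "exploit",
    "hacktool": "hacking tool",
}
MACRO_TARGETS = {"word", "word97", "excel", "excel97"}
# Assumed variant shapes: one letter ("b"), digits ("12"), digits+letters ("2c")
VARIANT = re.compile(r"^(?:[a-z]|\d+[a-z]{0,2})$", re.IGNORECASE)

def parse_detection(name):
    """Split a <prefix>.<name>.<suffix> detection name into its parts."""
    parts = [p for p in name.strip().split(".") if p]
    types, macro_target, variant = [], None, []
    # Leading tokens may stack, e.g. Trojan.Win32.* or Dropper.Worm.*
    while len(parts) > 1 and parts[0].lower() in PREFIXES:
        kind = PREFIXES[parts.pop(0).lower()]
        if kind not in types:
            types.append(kind)
    if "macro virus" in types and parts and parts[0].lower() in MACRO_TARGETS:
        macro_target = parts.pop(0)
    # Trailing tokens shaped like a variant marker form the suffix
    while len(parts) > 1 and VARIANT.match(parts[-1]):
        variant.insert(0, parts.pop())
    # PSW / PWD inside the name signals a password-stealing function
    steals = any(p.lower() in ("psw", "pwd") for p in parts)
    family = [p for p in parts if p.lower() not in ("psw", "pwd")]
    return {
        "types": types or ["unknown"],
        "family": ".".join(family) or None,
        "variant": ".".join(variant) or None,
        "macro_target": macro_target,
        "steals_passwords": steals,
    }

if __name__ == "__main__":
    # Names quoted in the article above
    for n in ["trojan.win32.sendip.15", "worm.sasser.b", "trojan.lmir.psw.60",
              "Dropper.Worm.Smibag", "dropper.binghe2.2c", "Macro.melissa"]:
        print(n, "->", parse_detection(n))
```

Real products deviate from this scheme in vendor-specific ways, so an "unknown" type or an odd family string is a cue to consult the vendor's own naming documentation.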
