Virus Names

What's in a name? When it comes to viruses it's a matter of identification to the general public. An anti-virus program does not really need the name of a virus as it identifies it by its characteristics. But, while giving a virus a name helps the public at large it also serves to confuse them since the names given to a particular beast can differ from anti-virus maker to anti-virus maker.

How? Why? Much as they would like to, the virus writers do not get to name their beasts. Some have tried by putting obvious text into the virus but most of the anti-virus companies tend to ignore such text (mostly to spite the virus writers). And, any virus writer that insists on a particular name has to identify themselves in the process--something they usually don't want to do. So, the anti-virus companies control the virus naming process. But, that leads to the naming problem.

Viruses come into various anti-virus companies around the world at various times and by various means. Each company analyzes the virus and assigns a name to it for tracking purposes. While there is cooperation between companies when new viruses are identified, that cooperation often takes a back seat to getting a product update out the door so the anti-virus company's customers are protected. This delay allows alternate names to enter the market. Over time these are often standardized or, at least, cross-referenced in listings; but that does not help when the beast makes its first appearance.

This problem/confusion will continue. One practical and well documented example of how it affects a real-world virus listing can be seen at the WildList site on the page...

http://www.wildlist.org/naming.htm

One attempt at bringing some order to the naming problem is Ian Whalley's VGrep. VGrep attempts to collect all of the various virus names and then correlates them into a single searchable list. While useful, there is, again, the lag time necessary to collect and correlate the data.

So, get used to viruses having different names. As Shakespeare said...

What's in a name? That which we call a rose
By any other name would smell as sweet...

Another attempt is the database at VirusPool which "...tries to put information from all known infections and antivirus creators into one place so you can compare names and results." I wish them the best of luck.

A new site to try to correlate malware names: CME - Common Malware Enumeration  CME provides single, common identifiers to new virus threats to reduce public confusion during malware outbreaks. CME is not an attempt to solve the challenges involved with naming schemes for viruses and other forms of malware, but instead aims to facilitate the adoption of a shared, neutral indexing capability for malware.

Summary

• Virus naming is a function of the anti-virus companies. This results in different names for new viruses.
• Different names can cause confusion for the public but not anti-virus software which looks at the virus, not its "name."
• There are different sites that attempt to correlate the various virus names for you.