Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!usc!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: frisk@rhi.hi.is (Fridrik Skulason) Newsgroups: comp.virus Subject: Virus names (PC) Message-ID: <0006.9008161557.AA14696@ubu.cert.sei.cmu.edu> Date: 16 Aug 90 11:45:05 GMT Sender: Virus Discussion List Lines: 80 Approved: krvw@sei.cmu.edu It seems to me that we may soon be reaching the point where the number of virus-infected machines will start to decline, while the number of new viruses will grow as it has until now, doubling every 10 months or so. I don't know if everybody agrees with this, but what I was actually going to write about now is another subject - the naming of all the new viruses. How are virus names names selected ? This is becoming a problem in the PC world, where over 200 different virus variants are now known. The situation is not quite as bad in the Mac-world, where only 10 (or so) viruses are known, but this is a serious problem for anyone reporting a new virus. The possible methods include: I - naming by the virus author. Many viruses contain text strings within the code, which contain messages like "The Blood virus, version 1.02", or the name may be taken from other text strings within the virus: Aids, Aids II, Anarkia, Armagedon, Blood, Brain, Datacrime, Datacrime II, Disk Killer, Dyslexia, Fu Manchu, GhostBalls, Halloechen, Kennedy, MIX1, Murphy and Victor Alabama, Amoeba, Amstrad, Sylvia, Form, Devil's Dance, Stoned, Sunday, Suriv 1.0, Virus-B, Virus-90, Virus-101 and Shake II - Naming after location where first found: Agiplan, Durban, Icelandic, IDF, Saratoga, Italian, Itavir, Lehigh, New Zealand, Pixel, Pretoria, South African, Suomi, Taiwan, Taiwan-2, Taiwan-3, Vienna III - name chosen because of some visual or auditory effect: 8 tunes, Ambulance, Cascade, Flip, Ping-Pong, Jo-Jo, Oropax, Yankee Doodle, Zero Bug, Den Zuk, Frodo IV - Size of virus: 405, 800, 5120, 1260, 4096 V - Activation date: Friday the 13th, July 13th, December 24th, June 16th, XA1, Advent VI - Other actions/characteristics of the virus: Bulgarian Tiny, Dbase, Do-nothing, Macho, Mistake, Perfume, Slow, Tenbyte, Tiny, Traceback, Typo, Syslock VII - no obvious/valid reason for name. VP, W13, Vcomm The question is just which method to use - they have all some advantages and disadvantages. As the same virus may be assigned different name by different people, we get situations like the following: Case 1 Case 2 Method I suriv/sumsdos Method II IDF Jerusalem Method III Frodo Black Hole Method IV 4096 1808/1813 Method V (Sept. 22) Friday the 13th Method VI Method VII PLO Other problems may arise as well. The Dyslexia virus is an example. It was originally discovered in Solano County in California and reported at first as the "Solano" virus. Later, it was discovered that the virus contained the string "Dyslexia" in encrypted form, so another name for the virus is now "Dyslexia". The question is of course whether text strings found within the virus should always be used as a "first choice" when naming viruses - Virus author would probably find it more "fun" to see their creations listed as "The Mystic virus" or "The Blood Virus", than for example "418" or "PSQR".