White Paper

Virus Naming. The "Who's Who?" Dilemma

Source: Bitdefender, LLC

Anyone who has ever created something new is granted the right to baptize it. However, given that they are born under the sign of destruction and disruption, viruses are an exception to this rule.

Normally, you would not expect anything in the "John Jr." vein. Any hint as to the identity of virus creators would probably get them into trouble. Plus, in order to avoid adding to the glory of malware authors, antimalware producers will probably rename the malware samples they discover. And the naming trouble does not stop here. A scenario where several antimalware labs simultaneously conduct research on the same new malware sample is not that uncommon. In this case, the first to publicly announce the discovery gets to give it a name.

Aside from creativity and authorship, virus naming also raises the issue of utility. Confronted with an overwhelming malware population, researchers and antimalware producers have understood how important it is to approach the naming process systematically. All in all, simple logic calls for malware names that contain information the industry can recognize: the affected platform, the virus family name and its spreading method.

This white paper aims to summarize the efforts that have been invested in creating a coherent, unanimously accepted and, most of all, efficient malware naming system, as well as to briefly dwell on how these regulatory attempts are reflected in practice.