Although there aren’t many predefined standards for naming malware and vulnerabilities, they are often segregated according to the genre, impact and even malicious functionalities. Moreover, giving unique names to the vulnerabilities is nearly impossible due to the expansive conglomerate of options. However, there are many provisions for naming the malware samples based on their functionalities. In addition to that, there is a host of generic nomenclature techniques for adding a sense of panic to the proceedings.
Why Naming is Important?
The concept of naming malware and vulnerabilities works perfectly for the bigger malware families. Once a malware family is detected, a specific last name can be assigned to the same. This approach is important from the threat intelligence perspective. There are several organizations that have formulated specific standards for naming these malware and vulnerabilities depending upon the functionality of sample, author’s name and even the concerned domain of crisis.
Existing Naming Standards
The malware and vulnerability naming scheme has been standardized by Computer Antivirus Research Organization (CARO). Depending upon the threat, analysts have formulated a few considerations for naming the malware.
1. Type: This consideration describes the type of malware an organization is dealing with. The possible choices include backdoors, Trojans, worms, viruses and even ransomware threats.
2. Platform: It is important to analyze the platform which is affected by the mentioned malware or vulnerability. The options here can be Windows, Android, Mac OS and a few more. One such example would be the WannaCry ransomware which specifically affected the Windows OS.
3. Family: This aspect groups malware depending upon the common traits or creators. An example would be categorizing Petya and Mischa within the double ransomware family, as marketed by their common creator— Janus.
4. Variant Letter: Here is a technical determinant that sequentially segregates each version of the malware family in a chronological and alphabetical order.
5. Additional Insights: Here is a general category that uses other details apart from the ones mentioned earlier.
Naming Malware and Vulnerabilities
It is important to understand how specific malware and vulnerabilities are named. While Mischa and Petya were named by the common creator Janus for heightening the impact, the likes of Heartbleed and WannaCry have certain interesting explanations behind the nomenclature.
Heartbleed is a vulnerability that leaks security certificates and information with attackers intimating organizations using a heartbeat like signal. The server, upon receiving the signal, reciprocates by bleeding information to the attacker. This is why ‘Heartbleed’ actually fits in as a name.
WannaCry is a shortened form of WanaCryptor which basically derives its name from the Cryptoworm ransomware. This threat sabotages the secured hard drives by encrypting the information within. A worm which encrypts the information and only hands over the key upon receiving Bitcoin payments is fittingly named WannaCry.
CryptoLocker Trojan is yet another example where a malware is named according to the platform and even functionality. This threat targets the Windows OS and encrypts confidential and important datasets.
Apart from that, we have the randomly named ZeuS Trojan horse that comes as a Zbot package and targets Microsoft Windows for carrying out a host of criminal tasks. The existence of ‘bot’ in the naming schema reveals that this form of vulnerability is spread via the drive-in downloads and different phishing schemes. Moreover, this larger than life name for this malware signifies the impact it has on the IT networks.
Another malware, OSX or Tsunami.A poses multiple threats and the nomenclature is according to the existing standards. The naming is based on the impact this malware has on the Linux systems. The .A variant letter reveals that this malware has been around for quite a long time. In addition to that, this is an IRC bot which can easily initiate DDoS attacks and run shell or terminal commands on an infected system.
Naming a malware and vulnerability isn’t as straightforward as it seems. There are a few standards which can determine the exact process; thereby allowing users to study the same from the perspective of public relations. Lastly, there are many malware and Trojan which are rendered impactful names for grabbing attention.