How to identify common virus names

Abstract: Very often anti-virus software has already found a virus on our computer and reports it under a name such as Backdoor.RmtBomb.12 or Trojan.Win32.SendIP.15: a string of English words with a number attached. Faced with such a long name, some people are baffled: how are you supposed to know what kind of virus it is? This article describes some common knowledge about virus names.

In fact, once we know some of the virus naming conventions, we can determine some of the general characteristics of a virus from the name that appears in the anti-virus software's report.

There are so many viruses in the world that anti-virus companies, for ease of management, classify and name them according to their characteristics. Although the naming rules of each anti-virus company are not the same, they generally follow a uniform naming scheme.

The general format is: ...

The virus prefix refers to the type of virus and is used to distinguish the broad class a virus belongs to. Different types of viruses have different prefixes. For example, the prefix of the common Trojan horse is Trojan, the prefix of a worm is Worm, and there are others.

The virus name refers to the family characteristics of a virus and is used to distinguish and identify the virus family. For example, the well-known CIH viruses all share the unified family name "CIH", and the family name of the recently very active Sasser worm is "Sasser".

The virus suffix refers to the characteristics of a variant and is used to distinguish a specific variant within a virus family. It is generally one of the 26 letters of the English alphabet; for example, Worm.Sasser.b refers to variant B of the Sasser worm, generally known as "Sasser B variant" or "Sasser variant B". If a virus has very many variants (which also shows the great vitality of the virus), a mix of numbers and letters can be used to identify the variant.

To sum up, the prefix of a virus is a very big help in quickly determining which type the virus belongs to. By judging the type, you can make a rough assessment of the virus (of course this requires accumulated knowledge of the common virus types, which is outside the scope of this article). With the virus name we can look up information by other means to better understand the detailed characteristics of the virus. The virus suffix tells us which variant of the virus is currently on your machine.

Here are explanations of some common virus prefixes (for Windows, the operating system we use most widely):

1. System viruses

System virus prefixes are: Win32, PE, Win95, W32, W95 and so on. The general common characteristic of these viruses is that they can infect *.exe and *.dll files of the Windows operating system and spread through these files. An example is the CIH virus.

2. Worm viruses

The worm prefix is: Worm. The common characteristic of these viruses is that they spread through the network or system vulnerabilities; the majority of worms send out virus-carrying e-mail or block the network. Examples are Shock Wave (blocks the network) and Small Postman (sends virus-carrying e-mail).

3. Trojan viruses and hacker viruses

The Trojan prefix is: Trojan. The hacker virus prefix is generally Hack. The common characteristic of Trojan viruses is that they enter the user's system through the network or system vulnerabilities and hide there, then leak the user's information to the outside world. A hacker virus has a visual interface and can remotely control the user's computer. Trojans and hacker viruses often appear in pairs: the Trojan is responsible for intruding into the user's computer, while the hacker virus controls it through that Trojan. The two types now show a growing tendency to merge. Common Trojans include the QQ tail Trojan Trojan.QQ3344, and more people may have encountered Trojans that target online games, such as Trojan.LMir.PSW.60. Note that a virus name containing PSW or PWD generally indicates that the virus steals passwords (these letters are generally an abbreviation of the English word "password"). Some hacker programs: Network fierce and ambitious (Hack.Nether.Client) and so on.

4. Script viruses

4, the script virus

The script virus prefix is: Script. The common characteristic of script viruses is that they are written in scripting languages and spread through web pages, such as Code Red (. Redlof). Script viruses may also have the following prefixes: VBS, JS (showing which scripting language was used), such as Happy Hour (VBS.Happytime), the 14th (Js.Fortnight.cs), etc.

5. Macro viruses

In fact, a macro virus is also a kind of script virus, but because of its special nature it is counted as a separate category here. The macro virus prefix is: Macro, and the second prefix is one of: Word, Word97, Excel, Excel97 (and perhaps others). Viruses that infect only Word 97 and earlier Word documents use Word97 as the second prefix, in the format Macro.Word97; viruses that infect only Word documents of versions later than Word 97 use Word as the second prefix, in the format Macro.Word; viruses that infect only Excel 97 and earlier Excel documents use Excel97 as the second prefix, in the format Macro.Excel97; viruses that infect only Excel documents of versions later than Excel 97 use Excel as the second prefix, in the format Macro.Excel; and so on. The common characteristic of these viruses is that they can infect Office documents and then spread through Office general templates, such as the famous Melissa (Macro.Melissa).

6. Backdoor viruses

The backdoor virus prefix is: Backdoor. The common characteristic of these viruses is that they spread through the network and open a backdoor into the system, creating a security risk for the user's computer. An example is the IRC backdoor Backdoor.IRCBot, which many people have encountered.

7. Virus-planting (dropper) viruses

The common characteristic of these viruses is that when run, they release one or several new viruses from their own body into the system directory, and the newly released viruses do the damage. Examples: Glacier sower (Dropper.BingHe2.2C), MSN striker (Dropper.Worm.Smibag) and so on.

8. Destructive viruses

The destructive program virus prefix is: Harm. The common characteristic of these viruses is that they have an attractive icon to entice users to click; when the user clicks on one, the virus directly damages the user's computer. Examples: Format C drive (Harm.formatC.f), killer command (Harm.Command.Killer) and so on.

9. Joke viruses

The joke virus prefix is: Joke. These are also known as hoax viruses. The common characteristic of these viruses is that they have an attractive icon to entice users to click; when the user clicks on one, the virus puts on a show of destructive operations to frighten the user, but in fact it does no damage to the user's PC. Example: the ghost (Joke.Girlghost) virus.

10. Binder viruses

The binder virus prefix is: Binder. The common characteristic of these viruses is that the virus author uses a specific binding program to bundle the virus with applications such as QQ or IE, so that on the surface it is a normal file. When the user runs the bundled file, it runs the application on the surface and then runs the hidden bundled virus, which causes harm to the user. Examples: bundling QQ (Binder.QQPass.QQBin), the system killer (Binder.killsys) and so on.

The above are the more common virus prefixes. Sometimes we will see others, but they are rarer; a brief mention here:

DoS: launches DoS attacks against a particular host or server;

Exploit: automatically spreads itself through overflow or other vulnerabilities, or is itself an overflow tool used for hacking;

HackTool: a hacking tool that perhaps does not itself damage your machine, but can be used by others to make you the stand-in for damaging others.

After identifying a virus, you can use the methods above to make a preliminary judgment of its basic nature, so that you know what you are dealing with. When the anti-virus software cannot remove it automatically and you intend to handle it manually, this information will be a great help.
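The naming scheme described in this article can be applied mechanically when triaging anti-virus reports. The following Python parser is an added example, not part of the original article: it maps the prefixes listed above to their categories and flags the PSW/PWD password-theft marker. The function name `parse_detection` and the rule for recognising a variant suffix are assumptions made for illustration.

```python
import re

# Prefix -> category, taken from the article's list (keys lowercased).
PREFIXES = {
    **dict.fromkeys(["win32", "pe", "win95", "w32", "w95"], "system virus"),
    "worm": "worm",
    "trojan": "Trojan",
    "hack": "hacker virus",
    **dict.fromkeys(["script", "vbs", "js"], "script virus"),
    "macro": "macro virus",
    "backdoor": "backdoor",
    "dropper": "dropper",
    "harm": "destructive program",
    "joke": "joke",
    "binder": "binder",
    "dos": "DoS tool",
    "exploit": "exploit",
    "hacktool": "hacking tool",
}
# Assumption: a trailing token of 1-2 letters/digits, or all digits, is the variant.
VARIANT = re.compile(r"^(?:[A-Za-z0-9]{1,2}|\d+)$")


def parse_detection(name):
    """Split a detection name into category, family tokens, variant and flags."""
    tokens = [t for t in name.strip().split(".") if t]
    if not tokens:
        raise ValueError("empty detection name")
    category = PREFIXES.get(tokens[0].lower())
    body = tokens[1:] if category else tokens  # unknown prefix: keep every token
    variant = None
    if len(body) > 1 and VARIANT.match(body[-1]):
        variant = body.pop()
    return {
        "category": category or "unknown",
        "family": body,  # may include a second prefix such as Win32 or Word97
        "variant": variant,
        # PSW / PWD anywhere in the name signals password theft, per the article.
        "steals_passwords": any(t.upper() in ("PSW", "PWD") for t in tokens),
    }


if __name__ == "__main__":
    # Names quoted in the article, used here as sample input.
    for sample in ("Worm.Sasser.b", "Trojan.LMir.PSW.60", "Backdoor.IRCBot",
                   "Js.Fortnight.cs", "Dropper.Worm.Smibag", "Harm.formatC.f"):
        print(sample, "->", parse_detection(sample))
```

Vendors differ in their naming rules, as the article notes, so an "unknown" category means only that the prefix is not in this article's list.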

