Insane Reality issue #8 - (c)opyright 1996 Immortal Riot/Genesis - REALITY.004 Article: Naming your Viruses Author: Rajaat [IRG] % Naming your Viruses by Rajaat [IRG] % _______________________________________ Here's an article discussing how to get the AV to name your viruses what you want.. not much more I can say. - _Sepultura_ ============================================================================= % How to creatively name your virus? % One of the hardest things in virus writing is giving the virus its name. When you have a solid idea converted to code, have written it and tested it toroughly you have to think of something that you can identify it again when you see it showing up in the scanners and the newsgroups. The more viruses appear, the more difficult it is to think of yet another catchy name for your virus. I hope to present you some ideas here how to give your virus a name, where you can recognize it from when it gets in the wild. % Virus author confused with virus name % The thing that happens most is that virus researchers are going to group the viruses one author has written and next assign then numbers of their size. I can't think for a reason of this, probably because they will have problems using the Caro Naming Convention if they use these virus names. That's the only reason I can think of when they dubbed Andropinis to Rajaat.518. I'd rather hoped they would call it Rajaat.Andropinis. The thing you can do to twart their ideas, is the following: Make your virus so that, if it activates, only displays the name of the virus, and not the author. The author string can be embedded in the code, but should not be written out to the screen. The insiders will recognize your name, the victims often not. Don't make the name of the virus too long. By this action, researchers are almost forced to use the name of the virus to identify it, because the end users that will see the activation will most often search for that name in the virus encyclopedias. % Make the activation catchy % One other thing you should to is trying to implement a payload that will be remembered by the user. Falling letters on your screen hardly will raise and eyebrow or two, but a mandelbrot figure, a nice character animation (look at Diametric/Matricide for an example), some high pitched noise (accompanied with subtle screen shakes) or strange messages on a Novell file server will do just fine in the sight of an ordinary end-user. This graphic payload does not indicate that you virus can not be destructive. You could erase random sectors with every note the virus plays of the Nutcracker Suite. Just remember to be creative. Let the virus overwrite the MSDOS icon to an upwards pointing middle-finger. Let your fantasy go wild, I expect to see fruits soon ;-) % Think of a good name % If your virus was fun to make, you wouldn't dare to let it wreak havoc without having you assigned a good name to it yet. Too choose names, you can let yourself get inspired with everyday life around you. Name if after that long legged chick running loose in your college. Dub it like your favorite (ehum?) politician. Call it like a pop star, or add a few lines of a songtext. Give it at least one word that will jump out of context, it will most probably the chosen word for identifying your virus. "Hello, I'm your new pal." won't do it, or you should have concatenated the last two words by mistake because then it will be called the Newpal virus, without doubt! Try catchy lines like: I'm NEUROMANCER! Spell my name right, it's Tarzan, not Trazan! The worst case scenario is that researchers will choose Trazan as name instead of the hoped NEUROMANCER. Should you remove the ", not Trazan" part it will most probably appear in the wildlist as NEUROMANCER, with a 5% chance that your name will be added to it, if there is already a neuromancer virus that has got nothing to do with this one. % Encrypt all other strings % If you know the story of the Girafe virus, you know it's a Coffeeshop virus variant that uses a beta version of the TridenT Polymorphic Engine (TPE). But when the virus was decrypted, you could see numerous readable words, each pair of characters being the first two characters of certain files the virus avoids infecting. The writer of the virus didn't want to infect Gobbler II (GII.EXE), Remote Access (RA.EXE), and FastEcho (FECHO.EXE) (I assume he meant these files), this constructing the GIRAFE string. Other strings in the virus were the TPE marker and the initials of the author. One way to avoid these mistakes is to encrypt all the strings that must not be plainly visible. Priest has understood this trick, and very often encrypted string with an XOR in his viruses. Don't use initials in your virus, since a 'RG' is as large as an 'MZ' and won't be used. 'PS' could mean 'Phalcon/Skism', but also be a PUSH AX & PUSH BX opcode. % Make the name a remembrance % To ensure that everyone knows the name of the virus and your handle, you can make it known to them the very hard way. If your virus will destroy the contents of someones harddisk, then make it so that the user only will see the name of your virus on his screen during a dir command. Thinks of this: all your files gone and the volume on your harddisk is now "Rajaat haha", you will never forget who did this to you. Never. One of the virus names that are even known to non-virus related people is Michelangelo, a rather unremarkable virus, but is known for it's destructive actions performed on March the 6th. The virus recieved its name from the researchers and didn't contain a name. If it had a name in its code, it surely would have been called by that namen, even though it's a lame variant of the Stoned virus. % Don't use complex names % Don't use complex names in your virus, because people won't be able to remember the name very well. Never call it something like Breeblebrox, as it's a complex name to remember if you are not familiar with The Hitchhikers Guide to the Galaxy. Give the virus a name that most people will recognize or have a simple lexical structure. Hamanu is a simple name, even when people won't recognize the name as being a character (a Sorcerer King, to be more exactly) in the Dark Sun books, a series of novels brought out by T$R. It's is the same series of books I used to give myself a name (I'd be a blunted idiot if I'd use my real name, won't I?) and my MBR/COM infector (Andropinis, a bit tougher to remember). Rajaat is an easy name to remember, as it has no complex lexical structure. Names that are suitable are words like Maverick, Goldfinger, Witchboard, TopCat and Jetsons, as they all represent common movie names, cartoon figures or items that are well known. Don't assign a name to your virus like Prerequisite, Conquistador or Alapalooza. Name that are suitable are everlasting by their infamousy. Don't choose a name that will anger people, as that name won't be used. There are a few viruses that have the name Hitler, but researchers will shun that name. Ripper is an excellent example, as Jack the Ripper is a name that rings a bell at many people, and won't hurt anyone since it's so long ago that Jack roamed the dark streets of London. % Don't use names of people % Researchers won't name your virus the way you want it if it's a name of some person. An example is the Klaeren virus, which is now called different. Klaeren was a real name, and the person had nothing to do with the virus its creation. Better use fictive names that are not too real sounding. Think of names like Frodo, Sauron, Gallard, King Tec, Zaphod or Egami (Image reversed). Reversed names also are very suitable for viruses, like Natas and Nexiv_der. % Use a name that represents actuality % We virus writers are viewed upon as old-fashioned, and even if there are numerous WordBasic viruses, we mostly enjoy writing our viruses in assembler, whereas the researchers have first-class tools to their disposal. To let them show we react on recent news, you can best assign a name to your virus that shows it actuality. Call your virus Camilla, Pile of Shit (that stings!), Booza (drinking too much booze like boza will end up in names like these) or Setab (Bates reversed, I don't like this Jim Bates person at all, as do all virus writers down here). To regular MTV watchers I suggest Cornholio as the perfect virus name ;-) % Don't stress the name of the virus % Don't stress the fact that a virus is called a certain way by you. We have seen this with the Bizatch virus, now better known as Boza. Since Quantum actually almost PLEADED to have the virus called Bizatch, the researchers called it Boza, just in spite. If I even DARE to add a string in Diametric/Matricide that is even remotely saying something like "You little fuckheads, call this virus Diametric/Matricide, or I'll bash your brains out!" they would most probably call it Rajaat.BrainBash or something equally similar. Just make sure that only the name is of the virus is easily recognized and additional strings must be hidden from the users view. % Conclusion % You can never FORCE a researcher to name your virus as you wanted it, but you can give them a push in the good direction. Reading this article is of course not an insurance your virus gets the name you want it, but it will certainly be of great help. I am curious myself how they will call my Diametric/Matricide virus, since the name mutates (that's very easy with a XOR key and an anagram). Maybe they will call it the same as I referred to it when the development of it was in beta stage (Hamanu was the name). I am afraid I've acquired myself a sort of Microsoft image with assigning project names to viruses when they are not finished.