	{"id":6910,"date":"2012-11-02T10:00:43","date_gmt":"2012-11-02T17:00:43","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=6910"},"modified":"2023-05-11T08:52:58","modified_gmt":"2023-05-11T15:52:58","slug":"how-does-malware-naming-work","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/how-does-malware-naming-work\/","title":{"rendered":"How Does Malware Get Named?"},"content":{"rendered":"<p>I imagine there are some of you out there who wonder how companies come up with malware names. It can often be confusing, with different companies calling the same thing by completely different names. This guide will tell you, briefly, how we decide on names you\u2019re most likely to encounter on this blog. (If you would like a much more in-depth look, <a href=\"https:\/\/web.archive.org\/web\/20150923200549\/http:\/\/www.caro.org\/naming\/scheme.html\">check out CARO\u2019s site<\/a>.)<\/p>\n<p>Let\u2019s take a look at the malware we call <a href=\"https:\/\/www.intego.com\/mac-security-blog\/new-imuler-variant-found-steer-clear-of-your-dirty-pics\/\">OSX\/Imuler.D<\/a>. If you were to look at the detection names across the industry, here are some other names you would see for this file from various vendors:<\/p>\n<ul>\n<li>Trojan-Dropper:OSX\/Revir.C<\/li>\n<li>Backdoor:MacOS_X\/Imuler.C<\/li>\n<li>OSX\/Imuler.D<\/li>\n<li>OSX\/Imuler-D<\/li>\n<li>OSX_IMULER.B<\/li>\n<li>OSX.Revir<\/li>\n<li>Trojan.Muxler.6<\/li>\n<\/ul>\n<p>Kind of confusing, no doubt. 
So, let\u2019s break this down a bit.<\/p>\n<h3>Prefixes \u2013 What Does This Thing Do?<\/h3>\n<p align=\"center\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-6952\" title=\"prefixes\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/prefixes.jpg\" alt=\"\" width=\"500\" height=\"300\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/prefixes.jpg 500w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/prefixes-150x90.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/prefixes-300x180.jpg 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/prefixes-100x60.jpg 100w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/p>\n<p>You\u2019ll see a fair number of the detection names start with a word like &#8220;Trojan,&#8221; &#8220;Backdoor&#8221; or &#8220;Dropper.&#8221; These vendors start their naming convention with a description of the activity of the file, but they all have different focuses on what\u2019s the most important descriptor. By choosing \u201cTrojan\u201d or \u201cTrojan Dropper,\u201d it\u2019s as if they\u2019re saying \u201cthis threat does not spread by itself \u2013 it\u2019s sent by a malicious person.\u201d If they choose \u201cBackdoor,\u201d that is to say the ultimate goal of the Trojan is to create a backdoor on your machine that will let a bad actor take control of it and spy on your actions.<\/p>\n<p>If the name starts with &#8220;OSX,&#8221; this is a way of stating what operating system the malware affects. 
If the malware targets multiple operating systems, you may see one component named &#8220;W32\/NastyBizness&#8221; and another called &#8220;OSX\/NastyBizness.&#8221; &#8220;W32&#8221; lets you know which component affects Windows systems.<\/p>\n<h3>Family Name \u2013 The Meat and Potatoes<\/h3>\n<p align=\"center\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-6956\" title=\"meat-and-potatoes\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/meat-and-potatoes.jpg\" alt=\"\" width=\"500\" height=\"300\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/meat-and-potatoes.jpg 500w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/meat-and-potatoes-150x90.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/meat-and-potatoes-300x180.jpg 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/meat-and-potatoes-100x60.jpg 100w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/p>\n<p>The next part of the name, usually after a delimiter like a slash or a dot, is the family name. This is what the press usually uses, stripped of the prefix info. If a researcher is looking at brand-new malware that bears little resemblance to other malware that\u2019s come before, they get to choose a new family name.<\/p>\n<p>Knowing whether this is similar to existing malware can be more than a little tricky, especially on Windows where there are many, many millions of pieces of malware. This is the first place where things can get a little cloudy. The first researcher to see a new piece of malware may not be familiar with previous variants of a family, and they may choose a new malware name. 
The next researcher to see it may be familiar with the existing family name and will choose to use that instead.<\/p>\n<p>There are certain conventions that pertain to choosing a new malware family name:<\/p>\n<ul>\n<li><strong>The use of proper nouns is strongly discouraged<\/strong>, as this could offend the person, country, company, etc. that the malware is named after. Nobody wants bad things named after them! (Except perhaps the malware\u2019s author, and we really don\u2019t want to be encouraging them by putting their name in the press.)<\/li>\n<li><strong>We try not to use obscene or offensive names.<\/strong> This can be tricky because the malware may come from a culture or language that the researcher is unfamiliar with.<\/li>\n<li><strong>Numeric names are a bad idea<\/strong>, as historically certain types of viruses included a number as a suffix that denoted how many bytes long the virus code was.<\/li>\n<li><strong>We do not use the malware author\u2019s suggested malware name<\/strong>, for the same reason we don\u2019t use the malware author\u2019s name or handle. We don\u2019t want to motivate them with recognition. Sometimes vendors will choose to scramble or reverse an author\u2019s suggested name.<\/li>\n<li><strong>It\u2019s best to avoid naming the malware after the filename the malware comes in<\/strong>, such as an email attachment. The next variant in the family may come with a different filename, and we don\u2019t want to train people to only look for certain problematic files \u2013 any unexpected attachments should be treated as suspect.<\/li>\n<li>For the same reason, <strong>we avoid date-based names<\/strong> (such as \u201cFriday_13<sup>th<\/sup>\u201d), especially if those dates are related to payload triggers.<\/li>\n<li>It\u2019s a good idea to <strong>name the malware based on something distinctive within the code or behavior of the threat<\/strong>. 
This way it will be easier for other researchers to identify the threat and possibly its future variants.<\/li>\n<\/ul>\n<p>Not all companies agree to these naming rules, which is part of why you will see differing names between vendors. Other times, multiple researchers will discover a threat at roughly the same time, which is another case where you might get multiple different names. In the case of our example above, you can see there are three main family names that are used by the various vendors: Imuler, Revir and Muxler.<\/p>\n<p>As part of the research process, most researchers will first scan the file with other anti-malware products to see if it is already detected. This is fairly common as generic and behavioral detections become more powerful. When this happens, it\u2019s considered good form to use the family name already chosen by the other vendor, unless that name falls afoul of one of the conventions above. Sometimes the name is deemed unacceptable for some other reason (like a limit to the length of the detection name), which is up to the researcher and the vendor. 
If multiple acceptable names exist, it\u2019s best to choose the one used by the majority of vendors.<\/p>\n<h3>Suffixes \u2013 How Many of These Things Are There?<\/h3>\n<p align=\"center\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-6954\" title=\"suffixes\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/suffixes.jpg\" alt=\"\" width=\"500\" height=\"300\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/suffixes.jpg 500w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/suffixes-150x90.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/suffixes-300x180.jpg 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/suffixes-100x60.jpg 100w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/p>\n<p>Suffixes are separated by another delimiter, usually a dot or a dash. They\u2019re meant to tell you which variant of a family this is. For most vendors, suffixes start with A for the first variant, then it goes up to Z, then AA to ZZ, and so on. In Windows-world, it\u2019s very common to see family names with three-letter suffixes, as there are hundreds of variants in those families. Letters are usually used rather than numbers, as we used to use numbers to denote the length of viruses.<\/p>\n<p>This is another place where you can see things get a little problematic, as we have suffixes of .B, .C, .D and .6 \u2013 Say what?? Some vendors buck tradition and name suffixes by number, rather than by letter, for starters. For those who stick with the alphabetic suffixes, there are a couple of common reasons for variant letters to vary. Multiple variants may be discovered at once or within a short span, and Vendor X may get (and name) them in a different order than Vendor Y. Or Vendor X may have generic detection that picks up multiple variants with one signature. 
In this case, they may choose to name the next variant .B rather than .C or .D. Or they may be aware that their detection catches several variants, and they\u2019ll only have detection for NastyBizness.A and .D, because they didn\u2019t need to amend their detection for .B and .C.<\/p>\n<h3>Ouch, My Head Hurts!<\/h3>\n<p align=\"center\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-6959\" title=\"head-hurts\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/head-hurts.jpg\" alt=\"\" width=\"500\" height=\"300\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/head-hurts.jpg 500w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/head-hurts-150x90.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/head-hurts-300x180.jpg 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/11\/head-hurts-100x60.jpg 100w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/p>\n<p>All this information may not make the situation much easier for you, since there are so many variables that go into choosing malware names. But hopefully it will help you understand why the names are the way they are and what they mean, even when they\u2019re confusing. Some anti-virus vendors will put \u201caliases\u201d in descriptions or blog posts about threats when they\u2019re aware of other vendors using different names. This can certainly cut down on the inevitable calls to tech support and the research department about whether Vendor X detects what Vendor Y is talking about in the press. 
We try to keep things as simple as possible, but unlike in ye olden days, things move too quickly for us to periodically get together with other researchers throughout the industry to sanitize and consolidate everyone&#8217;s names.<\/p>\n<p><strong>Further Reading:<\/strong><\/p>\n<ul>\n<li><a title=\"Security Jargon Decoded\" href=\"https:\/\/www.intego.com\/mac-security-blog\/security-jargon-decoded\/\" target=\"_blank\" rel=\"noopener\">Security Jargon Decoded<\/a><\/li>\n<li><a title=\"Rootkits Defined: What They Are and How They Can Be Used Maliciously\" href=\"https:\/\/www.intego.com\/mac-security-blog\/rootkits-defined-what-they-are-and-how-they-can-be-used-maliciously\/\" target=\"_blank\" rel=\"noopener\">Rootkits Defined: What They Are and How They Can Be Used Maliciously<\/a><\/li>\n<li><a title=\"What\u2019s the Difference Between Malware, Trojan, Virus, and Worm?\" href=\"https:\/\/www.intego.com\/mac-security-blog\/whats-the-difference-between-malware-trojan-virus-and-worm\/\" target=\"_blank\" rel=\"noopener\">What&#8217;s the Difference Between Malware, Trojan, Virus, and Worm?<\/a><\/li>\n<\/ul>\n<p><span style=\"font-size: x-small;\">photo credit: mrmayo <a href=\"http:\/\/www.flickr.com\/photos\/mrmayo\/3180933024\/\">(1)<\/a> and <a href=\"http:\/\/www.flickr.com\/photos\/mrmayo\/3180934332\/\">(2)<\/a>, <a href=\"http:\/\/www.flickr.com\/photos\/reid-bee\/3689880453\/\">jazzijava<\/a>, and <a href=\"http:\/\/www.flickr.com\/photos\/crystalaquarian\/3935149559\/\">91s_girl<\/a> via <a href=\"http:\/\/photopin.com\">photopin<\/a> <a href=\"http:\/\/creativecommons.org\/licenses\/by-nc\/2.0\/\">cc<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I imagine there are some of you out there who wonder how companies come up with malware names. It can often be confusing, with different companies calling the same thing by completely different names. 
This guide will tell you, briefly, how we decide on names you\u2019re most likely to encounter on this blog. (If you [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8763,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190],"tags":[86],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"I imagine there are some of you out there who wonder how companies come up with malware names. It can often be confusing, with different companies calling\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/how-does-malware-naming-work\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Does Malware Get Named? - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"I imagine there are some of you out there who wonder how companies come up with malware names. 
It can often be confusing, with different companies calling\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/how-does-malware-naming-work\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2012-11-02T17:00:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-11T15:52:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lysa Myers\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" 
class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/how-does-malware-naming-work\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\",\"width\":\"400\",\"height\":\"260\",\"caption\":\"Malware Alert from 
Intego\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/how-does-malware-naming-work\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/how-does-malware-naming-work\/\",\"name\":\"How Does Malware Get Named? - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/how-does-malware-naming-work\/#primaryimage\"},\"datePublished\":\"2012-11-02T17:00:43+00:00\",\"dateModified\":\"2023-05-11T15:52:58+00:00\",\"description\":\"I imagine there are some of you out there who wonder how companies come up with malware names. It can often be confusing, with different companies calling\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/how-does-malware-naming-work\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/how-does-malware-naming-work\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/how-does-malware-naming-work\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How Does Malware Get Named?\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/how-does-malware-naming-work\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/how-does-malware-naming-work\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a\"},\"headline\":\"How Does Malware Get 
Named?\",\"datePublished\":\"2012-11-02T17:00:43+00:00\",\"dateModified\":\"2023-05-11T15:52:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/how-does-malware-naming-work\/#webpage\"},\"wordCount\":1363,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/how-does-malware-naming-work\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\",\"keywords\":[\"Malware\"],\"articleSection\":[\"Malware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/how-does-malware-naming-work\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a\",\"name\":\"Lysa Myers\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g\",\"caption\":\"Lysa Myers\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/lysam\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-1Ns","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/6910"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=6910"}],"version-history":[{"count":18,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/6910\/revisions"}],"predecessor-version":[{"id":97976,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/6910\/revisions\/97976"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/8763"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=6910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=6910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=6910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}