The names of malware frequently resemble whimsical nicknames or the titles of obscure indie bands rather than serious threats to global cybersecurity. However, beneath these seemingly playful monikers lie intriguing stories, unexpected coincidences, and, at times, a subtle sense of humor. In the following exploration, we will examine the histories behind some of the most unusual and memorable malware names. The histories behind some of the most unusual and memorable malware names reveal intriguing stories and unexpected connections.
ILOVEYOU
Meaning: Named after the subject line of the phishing emails it used to spread.
In 2000, the ILOVEYOU worm swept across the globe, targeting millions of computers with a deceptively innocent email subject: “I LOVE YOU.” Victims, tempted by curiosity or affection, opened the attached “love letter” file, unknowingly unleashing a worm that overwrote files and spread itself through the victim’s contact list. The irony was stark—there was no love, only destruction.
Zeus
Meaning: A nod to the malware’s godlike capabilities, akin to the king of the gods.
Zeus is a banking Trojan designed to steal sensitive information, such as banking credentials. First detected in 2007, its formidable power lay in its ability to execute man-in-the-browser attacks while remaining stealthy. Over time, Zeus evolved into a prolific malware family, spawning numerous variants and maintaining its reign as a dominant force in the cybercriminal underworld.
Oompa-Loompa
Meaning: A reference to the helpers in Willy Wonka & the Chocolate Factory.
This Trojan targeted Apple’s iChat in 2006, exploiting the victim’s trust to spread itself. It sent fake messages to contacts, urging them to open an image file. The name likely drew inspiration from the Oompa-Loompas—mischievous workers who spread through the factory in a somewhat chaotic, factory-worker fashion, much like how this malware spread through iChat.
Snow White
Meaning: Inspired by the fairy tale, but with a sinister twist.
The Snow White malware, active in the late 1990s, is believed to have been part of a spam campaign promoting illegal activities. It disguised itself as harmless files with attractive names, luring victims into opening them. The name seems to be a sly reference to the poisoned apple from the fairy tale, tempting users into danger.
Koobface
Meaning: An anagram of Facebook.
The Koobface worm, which emerged around 2008, targeted social media platforms like Facebook and MySpace. It tricked users into clicking malicious links, spreading primarily through social connections. The name, an anagram of “Facebook,” reflected its targeted platform while giving the malware an air of playful menace.
Michaelangelo
Meaning: Named after the famous Renaissance artist, due to its activation date.
Michaelangelo was a DOS-based virus that activated on March 6, the birthday of the famous artist Michelangelo Buonarroti. Discovered in 1991, the virus was feared to have catastrophic potential, though the actual damage it caused was relatively minimal. The virus’s artistic name, paired with its destructive nature, gave it a peculiar charm, blending creativity with chaos.
Sadmind
Meaning: Likely a reference to the melancholy nature of its payload.
The Sadmind worm exploited vulnerabilities in Sun Microsystems’ Solaris and Microsoft IIS servers in the early 2000s. Its rapid spread and politically motivated cyberattacks made it notorious. The name, evoking a sense of sadness and melancholy, mirrored the worm’s somber impact on its victims.
Father Christmas
Meaning: A holiday-themed malware with a deceptive name.
Father Christmas emerged during the holiday season, spreading disguised as festive greeting messages. Its cheerful name masked a malicious payload, highlighting the contrast between the holiday spirit of giving and the malicious nature of cybercrime. This malware was a stark reminder of the unexpected threats that can emerge during the season of goodwill.
BugBear
Meaning: Named after a folkloric creature, symbolizing the malware’s disruptive nature.
BugBear, first detected in 2002, was a worm that targeted businesses by infecting networks and keylogging sensitive information. Its name, drawn from the mythical “bugbear” creature, underscored its nuisance-like nature. Much like a mischievous creature lurking in the shadows, BugBear sneaked into systems to cause disruption.
WannaCry
Meaning: Capturing the emotional reaction of its victims.
The WannaCry ransomware attack of 2017 lived up to its name by spreading chaos and locking users out of their data. By encrypting files and demanding Bitcoin ransom, it took advantage of a leaked NSA exploit. The name encapsulated the despair of its victims, as millions of people and organizations “cried” over lost files and the demands for payment, making WannaCry one of the most infamous malware incidents in history.
Why the Weird Names?
Malware names often reflect their creators’ creativity, dark humor, or attempts to mislead. These names can also serve as a way for cybersecurity researchers to identify and discuss threats using memorable, distinct terms.
The next time you encounter a malware attack, take a moment to appreciate the strange, often ironic stories behind its name. But remember—while the names may amuse, the threats are very real, so do not let your guard down!
Sources:
- https://usa.kaspersky.com/blog/cybersecurity-history-iloveyou/26869/?srsltid=AfmBOoq28y26yBC4Sdjq81ZmdhbpCbC882C1Z_RfLh_K74J0rZcV5AWj
- https://www.crowdstrike.com/en-us/cybersecurity-101/malware/zeus-malware/?srsltid=AfmBOorNsDbmnj3X1AYoaNl-RNsSGdXNKgBIwGjliskfEI9SSaQsR0ja
- https://www.macworld.com/article/178862/leapafaq-2.html
- https://computer.howstuffworks.com/worst-computer-viruses.htm
- https://www.theregister.com/2001/01/10/vandals_behind_spread_of_hybris/
- https://www.f-secure.com/v-descs/hybris.shtml
- https://www.netsurion.com/articles/malwares-crazy-names-where-do-they-come-from#:~:text=There’s%20Heartbleed%2C%20Melissa%2C%20and%20GooLoad,(more%20on%20this%20later).
- https://ntrs.nasa.gov/citations/19920019024
- https://www.kaspersky.com/resource-center/definitions/what-is-the-koobface-virus
- https://cybernews.com/editorial/the-first-malware-scare-turns-30-the-michelangelo-virus/
- https://www.f-secure.com/v-descs/sadmind.shtml
- https://usa.kaspersky.com/resource-center/threats/ransomware-wannacry?srsltid=AfmBOooUn0q3Y2o65HqeVIvCmK65UAQlBbuPrDadpa903DBdMs62nizT
