
“Mystic Compressor…Greetings to Sunbelt – only they know my name ;)”

What this means:

1. Somebody wrote the Trust Warrior rogue and distributed it.
2. Sunbelt researchers analyzed it and put it into VIPRE signatures earlier this month, calling it “Trust Warrior.”
3. The malware writer checked to see if anti-virus applications were catching his rogue and noticed that VIPRE did detect it.
4. He rewrote the code — probably to avoid detection — and added the line about Sunbelt.
5. Since Sunbelt’s naming convention for rogues is to use the name they’re given, the malware writer was flattered that we used the name HE gave his creation.

Sunbelt uses the names that show up on the rogues’ graphical user interfaces to make it easier for victims to know what they’ve been infected with.

Sunbelt Rogue Blog description of Trust Warrior here.

This is some old school stuff that dates back to the beginning of the anti-virus industry. Back then the AV companies began the practice of making up different names than the ones given by the virus writers to deny them the satisfaction of seeing THEIR virus name in the news. The first AV researcher to describe a virus got to name it.

In 1995, an AV analyst even managed to rename a virus and add insult to the game. The first Windows 95 virus contained really sloppy code and the first AV researcher to analyze it gave it the name “Boza.” Boza is a lightly fermented drink made with cornmeal, sugar and wine yeast in the Balkan countries. It’s also a euphemism in those countries for something that’s a mess or all mixed up.

I guess you had to be there.

See S!Ri.URZ blog entry here.

Thanks to MAD

Tom Kelchner