Anatomy of real malware names
Historical malware names combine threat + function: WannaCry (ransomware that 'wants to cry'), NotPetya (fake destructive ransomware), Stuxnet (STUXnet, first known cyberweapon). Effective nomenclature communicates immediate danger.
Common patterns: dangerous animals (Viper, Hydra), dark mythology (Cerberus, Medusa), hostile technical terms (Rootkit, Backdoor). Zeus and Mirai used mythological names to sound powerful. Conficker combined 'config' + offensive German term.
Security industry sometimes renames threats for clarity: Chinese 'Winnti' malware was rebaptized by different firms. Microsoft uses AVxx system (numbers) to avoid glorifying creators. Kaspersky maintains original names but adds technical classification (Trojan.Win32.Agent).
Nomenclature by threat type
Ransomware uses intimidating names with encryption references: CryptoLocker, GandCrab, REvil. Ryuk (Death Note) and Jigsaw (Saw film) took fiction names for fear psychology. WannaCry added deliberate emotionality.
Banking trojans prefer mythology: Zeus, Dridex, Emotet. Legitimate-sounding names help avoid initial detection. Carbanak combined 'carbon' + 'anak' (Russian for 'anarchy'). TrickBot sounds benign until analyzing behavior.
APT (Advanced Persistent Threat) use numeric designations: APT28 (Fancy Bear), APT29 (Cozy Bear). Security firms assign these codes because state attackers don't publicly 'name' their tools.
Cyberpunk aesthetics and fiction
For cyberpunk fiction, combine tech elements with visceral threat: DarkWorm, GhostPhisher, CyberReaper. Neuromancer (Gibson) used 'ICE' (Intrusion Countermeasures Electronics) and viruses with names like 'Chinese virus' or 'Kuang Grade Mark Eleven'.
Games like Watch Dogs use plausible names: ctOS, Blume (corporation), DedSec (hacktivists). Deus Ex presented realistic variants: Gray Death (nano-virus), Hyron Project. Best fictional names could exist in reality.
Common fiction mistakes: too obvious names (SuperVirus2000), absence of versioning, ignoring that real malware rarely has self-assigned 'cool' names. Creators use internal designations; researchers assign public names afterward.
Nomenclature in education and simulations
For security training, use clearly fictional names to avoid confusion with real threats: TestTrojan, SimulatedWorm, TrainingRansomware. SANS Institute uses 'Holiday' (festivities) for exercises: ChristmasWorm, HalloweenBot.
CTF (Capture The Flag) and wargames use consistent thematic nomenclature: HackTheBox has 'Machines' with concept names (Obscurity, Traceback). TryHackMe groups by difficulty and theme without glorifying real malware.
Academic environments must balance realism with responsibility: mentioning WannaCry or Stuxnet as case studies is valid, but creating 'MyWannaCry' in lab may confuse automatic detection. Prefixes like 'EDU-' or 'LAB-' help: LAB-Ransomware-A, EDU-Trojan-Banking.