Computer Virus Name Generator

Generate realistic-sounding fake computer virus, trojan, worm, and ransomware names following the naming conventions used by antivirus companies. A real virus name has up to five parts: type, platform, family name, variant, and detection suffix. Each generated name comes with a fictional threat profile including severity rating, target vector, payload description, and estimated first-seen date. All names are completely made up and do not refer to any real malware.

Example output: Trojan.Win64.Vexlidor.B!generic — Severity: High • Platform: Windows 64-bit • Vector: Phishing email attachment • Payload: Remote access backdoor with keylogging capability

Malware Type

Platform

How many

Frequently Asked Questions

How do antivirus companies name viruses?

Antivirus vendors follow a loose naming convention with up to five parts: malware type (Trojan, Worm, Virus, Ransomware), target platform (Win32, Win64, JS, Android, macOS), family name (a unique word identifying the strain), variant letter (A, B, C...), and an optional suffix like !generic for heuristic detections. Different vendors often give the same malware different names, which is why researchers also use CVE identifiers as a common reference.

What is the difference between a virus, worm, and trojan?

A virus attaches itself to a legitimate file and spreads when that file is shared. A worm is self-replicating and spreads across networks without needing a host file. A trojan disguises itself as legitimate software to trick users into installing it. Ransomware is a category of trojan that encrypts files and demands payment.

What is a malware family name?

The family name is the core identifier for a group of related malware samples sharing the same codebase or attack pattern. Family names are often invented words, corrupted spellings of real words, or references to the malware's behavior. Variants of the same family are labeled A, B, C, and so on.

What are the most common malware platforms in virus names?

Win32 and Win64 are the most common because Windows is the most targeted desktop OS. Other platforms include JS (JavaScript), Android, macOS, Linux, PDF (malicious document macros), and VBS (Visual Basic Script). The platform part tells analysts which OS or file type is targeted.

Are the virus names generated here real?

No. All names are fictional and randomly assembled. They follow structural conventions used by real antivirus vendors but do not correspond to any actual malware. The tool is designed for creative writing, game development, cybersecurity training materials, and educational demonstrations.

What is a zero-day exploit?

A zero-day exploit targets a vulnerability that is unknown to the software vendor — meaning they have had zero days to patch it. Zero-days are highly valuable to attackers because no patch exists at the time of discovery. They are often sold on underground markets or used by nation-state actors before being publicly disclosed through responsible disclosure or bug bounty programs.

What does ransomware do?

Ransomware encrypts files on the victim's system and demands payment (usually in cryptocurrency) in exchange for the decryption key. Modern ransomware families also exfiltrate data before encrypting, threatening to publish it if the ransom is not paid (double extortion). Notable examples include WannaCry (2017), NotPetya (2017), and LockBit. Regular offline backups are the most effective defense.

What is the difference between a signature and heuristic detection?

Signature-based detection matches files against a database of known malware fingerprints — fast and accurate but blind to new threats. Heuristic detection analyzes behavior patterns and code structure to flag suspicious activity without needing a prior signature. Modern antivirus engines combine both along with sandboxing (running suspected malware in an isolated environment) and machine learning classifiers.

Naming Convention

The standard format is Type.Platform.Family.Variant!Suffix. Not all fields are always present. Many vendors omit the platform for common Windows threats, and the suffix is only used for heuristic or generic detections.

Why Different Vendors Use Different Names

There is no global standard for malware naming. CARO (Computer Antivirus Research Organization) proposed guidelines in 1991, but adoption is inconsistent. The same malware may be called Emotet by one vendor and BankBot by another. CVE numbers provide a vendor-neutral reference.

Severity Ratings

Severity is based on payload destructiveness, propagation speed, and remediation difficulty. Rootkits and ransomware typically rate Critical or High. Adware is usually Low or Medium. The rating shown is fictional and for demonstration purposes only.

Use Cases for This Tool

Fictional virus names are used in cybersecurity training scenarios, tabletop exercises, capture-the-flag challenges, security awareness presentations, game development, and creative writing where realistic-sounding but fake threat names are needed.

How It Works

The generator randomly assembles name components following the structural conventions used by antivirus vendors: an optional platform prefix (Win32, Android, JS), a malware family name chosen from a pool of fictional but realistic-sounding strings, a dot separator, a variant letter or number, and an optional threat level suffix. The resulting names follow the same grammar as real detections like Trojan.Win32.Emotet.B or Ransom.Linux.BlackCat without corresponding to any real malware.

How Antivirus Vendors Name Malware

There is no universal naming standard — each vendor names malware independently, which is why the same threat may be called Emotet by one vendor, Heodo by another, and Banking.Trojan.9872 by a third. CARO (Computer Antivirus Research Organization) proposed a naming standard in 1991 that most vendors loosely follow: Type/Platform.Family.Variant. Microsoft, Kaspersky, and Symantec each add their own extensions. This fragmentation is a known pain point in threat intelligence sharing.

Malware Classification Types

Common malware classification types used in vendor names include: Virus (self-replicating code that attaches to files), Worm (self-propagating across networks without a host file), Trojan (disguised as legitimate software), Ransom or Ransomware (encrypts files for payment), Spyware (exfiltrates data silently), Adware (injects ads), Rootkit (hides at OS or firmware level), Backdoor (remote access), Dropper (delivers a payload), and PUA/PUP (potentially unwanted application or program).

When to Use This

Use the fictional virus name generator for game development (naming in-game malware threats), for writing cybersecurity training materials or awareness presentations, for creating realistic-looking threat dashboards in UI mockups, for tabletop cybersecurity exercises where realistic-sounding threat names add immersion, or for props in film, television, and interactive media productions that need plausible-looking security alert screens.

More Free Tools

🎂