The group name represents a major group of similar viruses in a virus family, something like a sub-family. Examples are AntiCAD, a distinguished clone of the Jerusalem family, that has numerous variants itself, or 1704 (a group of several virus variants in the Cascade family; but note that this group name would not be acceptable now because it is ‘numeric’). When selecting a group name, the same guidelines as for a family name should be applied, except that existing, well-established numeric names are more permissible.
Group names are now seldom used except in some large, older DOS virus families where they became well established due to the efforts of the CARO naming meeting members. In fact, despite those early naming sessions agreeing on some elaborate family name/group name hierarchies, the group name component is now largely deprecated, with many of the former group names having been ‘promoted’ to family names, formally severing the association with the broader family group. It is now recommended that group names not be used in new malware families.