Computer viruses take many different shapes and forms, and the damage they do ranges from mildly annoying to damaging an entire country’s nuclear program. Part of the difficulty in compiling a list of viruses is that there are varying definitions of what constitutes a virus, and that some viruses which at discovery seem to be new, turn out to be variants of older viruses. With all that in mind, we’ve put together our list of the top computer viruses.
First discovered in 2008, Conficker, which had many aliases, including Downup, Downadup, and Kido is a worm that targets Windows operating systems. It uses a variety of different malware techniques, including exploiting flaws in Windows and using dictionary attacks on administrator passwords to infect computers and propagate, forming a botnet. It infected millions of computers in 190 countries, including those on networks run by the French Navy, the UK Ministry of Defence, and the UK House of Commons. Among the symptoms of Conficker are user accounts being locked, local area networks being flooded with traffic, and websites that host antivirus software becoming inaccessible.
Conficker was so troublesome that an industry group, spearheaded by Microsoft and including ICANN and Verisign was formed to try and combat it.
The ILOVEYOU worm attacked tens of millions of computers running Windows from May 2000. It got its name from the subject line of the email to which it was attached, disguised as a text file. When the attachment was opened, it triggered a Visual Basic script that started to destroy files and sent a copy of itself to all the contacts in Windows’ Address Book.
ILOVEYOU relied on flaws in Windows to allow it to hide the fact that it wasn’t in fact a text file, but a Visual Basic script. But it also used social engineering, creating curiosity in the mind of the recipient, to persuade users to open the attachment. At the time, it was estimated that one in ten internet-connected computers had been affected, and a cost of $5-8 billion, with a further $15 billion in clean-up costs. The Pentagon, CIA and UK Parliament shut down email systems to protect themselves. And the virus even inspired a song by the Pet Shop Boys that reflected on the human desires that allowed the virus to spread.
3. Morris Worm
One of the first worms distributed over the internet, the Morris worm, named after its creator, Robert Morris, a graduation student at Cornell University, was released on 2 November 1988. Morris, now a professor at MIT, claimed the worm was intended to demonstrate security flaws in Unix systems. However, a coding error, resulting from an attempt to prevent the worm being easily disabled, resulted in a massive denial of service attack which was estimated to have infected 6,000 computers. This figure was arrived at by multiplying all the computers that were estimated to be connected to the internet by 10% – the same way that the effect if the ILOVEYOU virus and several others were estimated. The US Government said the damage cost between $100,000 and $10,000,000 and the Morris worm resulted in the first conviction under the 1986 US Computer Fraud and Abuse Act.
Until Mydoom came along, ILOVEYOU held the record for the fastest spreading email worm ever. But that all changed in January 2004. And 15 years later, Mydoom, first spotted in that month, still holds the record. Mydoom was named by one of the first people to discover it, who noted that code contained the word ‘mydom’ and given the fact that it was already apparent that it would spread quickly, felt that having ‘doom’ in the name was appropriate.
Mydoom affected Windows computers and used a backdoor to take control of a PC and subvert Windows Explorer. It launched a distributed denial of service attack which seemed to particularly target computers belonging to SCO.com. But avoided hitting email addresses registered to some universities as well as those at Microsoft and Symantec. The text of the email used to spread the virus contained the rather cryptic message: “andy; I'm just doing my job, nothing personal, sorry.”
Remember we said in the introduction that the damage caused by viruses included damaging an entire country’s nuclear program? Well, that was Stuxnet. Believed to be a joint US/Israeli cyberweapon, though neither country has openly admitted responsibility, Stuxnet was first discovered in 2010. The purpose of the virus was said to be to interfere with Iran’s attempts to build a nuclear weapon. It was spread by USB thumb drive and targeted software that controlled a uranium facility in Iran. According to a report in the New York Times, the damage it caused was so great it caused 1,000 centrifuges to self-destruct. The Times reported that it was a ‘programming error’ that allowed Stuxnet to escape the facility in Iran and spread around the world on the internet. It was said to be part of a wider US effort, called Olympic Games, to disrupt Iran’s nuclear programme.
Ransomware has become hugely popular among hackers and cybercriminals for obvious reasons. By either disrupting users’ systems, preventing access to data, or using social engineering to prey on their fears, criminals extract payment in return for removing the threat. CryptoLocker was one of the first examples. Released in September 2013, CryptoLocker spread via email attachments and encrypted files on infected computers making them impossible to access. In order to restore access to their data, users had to pay a ransom, at which point the cybercriminals behind CryptoLocker would send a decryption key that could be used to unencrypt the files. Some users reported that they were able to regain access by carrying out a System Restore or using data recovery software. Others said that when they had tried to recover files, they had lost them completely.
The US State Department announced in June 2014 that the botnet used to distribute CryptoLocker had been disrupted. And in February 2015, the FBI offered $3m for information leading the arrest of Evgeniy Bogachev, the man they believed responsible for CryptoLocker.
7. Sasser & Netsky
Sasser and Netsky were two different viruses but are often grouped together because they are believed to have been created by the same person. Sasser worked by scanning random IP addresses, connecting to the computers using them via a vulnerable port, and instructing them to download the virus using a buffer overflow in Windows 2000 and Windows XP. Netsky was spread by email and enticing recipients to open an attachment.
In 2004, a German student was arrested on suspicion of creating the viruses. Some believe that his motivation was to provide business for his parents’ PC company, while others think he wanted to create a virus that would spread faster than Mydoom, which was creating headlines at the time.
8. Anna Kournikova
Named after the Russian tennis player, the Anna Kournikova was more of a joke than anything more sinister and designed to exploit that fact that in the early-nineties, Anna Kournikova was one of the most searched for terms on the internet. The virus itself was disguised as a jpeg image, but, like ILOVEYOU, was a visual basic script that ran automatically when it was downloaded. It spread as an email with and attachment that automatically sent itself to every contact in a user’s Windows Address Book, but did very little actual damage.
9. Storm Worm
Whereas Anna Kournikova persuaded computer users to open an attachment with a promise of what they might see, Storm Worm exploited users’ thirst for sensational news headlines. In this case, the headline was "230 dead as storm batters Europe” which accompanied a link to the “story”. When users clicked the link, instead of reading a news story, they download a virus that then turned their computer into a bot that re-distributed the email.
Believed to be the first computer virus for MS-DOS, Brain was released in 1986 and infected the boot sector of storage media, primarily floppy disks, formatted with DOS File Allocation Table (FAT). The boot sector was moved to another sector and marked as bad. Meanwhile text was written into the infected sectors which, remarkably, included the virus authors names and telephone numbers.
These are just ten of the thousands of well-known viruses that have attacked computers over the last several decades. Some are relatively harmless, while others, as we’ve seen are very destructive. If you’re worried that you might have downloaded a virus or other form of malware, you should scan it using an antivirus tool. There are several available for Mac and PC that will scan your computer for free. If you have a Mac, you can also use the malware utility in CleanMyMac X to regularly scan your Mac and keep it safe from viruses. The best protection, however, is common sense. Never click on a link in an email or on a website unless you’re certain where it will take you.