Since 1986, many harmless or harmful malware have emerged and disappeared as cybersecurity enthusiasts learned to cope with them. Nonetheless, a few of these are known for being the worst computer worm attacks in computer security history.
This article tells you about the top 12 worst computer viruses to hit the digital arena. Furthermore, these viruses are all ranked according to the extent of financial damage they inflicted on the world. Hence, while they might not look so sophisticated, they undoubtedly proved to be the most successful viruses for cybercriminals.
Quick list of the worst computer viruses
Here is a summary of the dangerous computer viruses in history
- Mydoom (38 billion): It caused an estimated $38 billion in damage and was responsible for a quarter of the world’s email traffic. Although it still exists, it’s behind only 1% of the world’s phishing emails.
- Sobig (30 billion): A worm in 2003 caused about 30 billion USD in damages and disrupted many businesses worldwide, including Air Canada.
- Klez (19.9 billion): It appeared in 2001, infected 7.2% of all PCs, sent fake emails, and evolved into more dangerous iterations over the years.
- Iloveyou (15 billion): It disguised itself as a plain text file in love letters and sent copies of itself to every contact in the infected computer’s email list.
- Conficker (9 billion): it was a worm for Windows that exploited security gaps, infected nine million systems worldwide, caused nine billion USD in damages, and created a botnet by downloading another software on the affected computers.
- WannaCry (4 billion): It encrypted computer and cloud files, demanding payment for a key to unlock them, affecting 150 countries and 200,000 computers worldwide.
- Zeuz (3 billion): It was blamed for 44% of all banking malware attacks by Unisys in 2010 and comfortably infiltrated many organizations’ computers worldwide.
- Code Red (2.4 billion): It was a worm-caused DDoS attack against the White House website and infected almost one million hosts, leaving no trace in hardware and causing damages of 2.4 billion USD.
- Slammer (1.2 billion): It infected 200,000 computers and caused DDoS attacks on selected internet servers, mainly targeting banking computers in the US and Canada.
- CryptoLocker (665 million): Infected an estimated 250,000 systems, encrypted critical files, demanded a ransom, and cost victims an estimated USD 665 million.
- Sasser (500 million): Caused damages of around 500 million USD by crashing millions of computers worldwide, and he received a suspended sentence due to being a minor at the time.
- Melissa (80 million): It was a Word document that infected computers through a macro, then emailed itself to the top 50 contacts in the user’s email directory, causing economic damage of 80 million USD.
The top 12 worst computer virus campaigns in digital history
Below, we give you the costs, reach, key facts, and other details surrounding each virus. Nonetheless, this is not an extensive list of all digital viruses. Instead, they’re just the worst-known malicious programs known to exist so far.
Every day, we have about 127 million pieces of malware attacking digital denizens. So, the list is infinite for any practical purposes. Our top twelve are the very worst but are not representative at all.
Not all the viruses listed below may fall into the category of “viruses” (technically). Instead, we have used the words “virus” and “worm” interchangeably here. This list merely intends to let you know the most devastating malware that have incurred huge financial damages until now.
1. Mydoom (38 billion)
The Mydoom outbreak is the worst virus attack ever to happen. Its estimated damage went as high as 38 billion USD (which would be 52.2 USD in current terms after adjusting for inflation). It also went by the name of “Novarg.” It was a worm that found its way around the internet mass emails. As this worm was active, it was responsible for about a quarter of the world’s email traffic.
As Novarg arrived into a system, it would scan it for fresh addresses. Then it sent copies of itself to those addresses. It also linked the infected computer to a botnet whose purpose was to carry out DDoS (Distributed Denial of Service) attacks. These attacks shut down a website or a server by overwhelming it with junk traffic.
The funny thing about Mydoom is that it’s still around. But, unfortunately, it’s behind about 1% of the world’s phishing emails. If 1% strikes you as a meager fraction of those activities, think about this: the phishing traffic is currently about 3.4 billion emails daily.
So, that one percent represents thousands of millions of emails. So even 16 years after it was at the center of the world, Mydoom still has a life of its own, infecting those devices with the worst protection possible and producing 1.2 billion copies of itself yearly.
The Mydoom author was a wanted man. A quarter-million USD reward was available for his head, but nobody ever found him.
2. Sobig (30 billion)
Sobig appeared in 2003 as another worm, just like Mydoom. However, its success as the most dangerous cyber virus is second only to Mydoom’s as it managed to create about 30 billion USD in worldwide damage. It reached Europe, the US, and Asia. The authors released several Sobig versions quickly known from Sobig.A to Sobig.F. The last one was the worst.
This malware showed itself as a legitimate piece of software attached to emails.
It disrupted the activities of many businesses worldwide, with Air Canada ticketing being the most famous problem of its time.
3. Klez (19.9 billion)
Klez appeared even earlier than the two previous worms in 2001. It’s remarkable that, as the world was not as interconnected back then, it still found its way into 7.2% of all PCs existing on the planet. Klez would send fake emails, known spoof senders, and kill other viruses within a system.
Klez came in many flavors, as other viruses and worms often do. Also, it stayed alive and active for several years, hiding in many of the world’s active networks. During all this time, it kept evolving to release more dangerous iterations.
4. Iloveyou (15 billion)
During the 2000s, this worst computer infection would arrive in your inbox disguised as a love letter. But then, it seemed to be nothing but a plain text file. It followed a strategy similar to Mydoom’s by sending copies of itself to every contact in the infected computer’s email list.
Iloveyou (aka Loveletter) hit the internet on May 4th. And it must have found the force within it because it reached 10 million computers very quickly.
The author was Onel e Guzman, a college student from the Philippines. His original aim was to steal passwords for various online services simply because he didn’t want to pay for the subscriptions. However, it seems that he never intended for his work to spread or do so much damage.
5. Conficker (9 billion)
Conficker, or Downup or Downadup, is a worm of unknown origin for Windows that first showed its ugly face in 2008. This malware proved how dangerous the overabundant security gaps in Windows could become as it exploited them to create a botnet.
Nine million systems became hosts to Cornficker in every imaginable country, including places like private businesses, governments, and individuals.
Very few worms managed to infect so many computers and do so much damage — nine billion USD.
The virus used a vulnerability in a Windows network service that Microsoft took too long to patch. The active infection reset account lockout practices blocked the Windows update and antivirus websites, turned off the services that could identify it, and locked out specific user accounts. But that’s just laying the ground. Once all those changes are affected, the worm downloads and installs another piece of software that turns the computer into a slave in a botnet.
6. WannaCry (4 billion)
The 2017 WanaCry is the first ransomware on our list. It takes over your computer (or cloud files) and encrypts them to make them unavailable. Then, it asks you to pay a ransom (hence, the name) to receive the decryptor to unlock your data.
WanaCry arrived at the computers of 150 countries in a single day. It hit many organizations (hospitals, governmental offices, and private businesses), causing massive disruption. And every victim that didn’t pay the ransom fee had to rebuild their digital infrastructure from zero.
The number of hijackings went over 200.000 computers worldwide.
Fortunately, Marcus Hutchins, a 22-year-old security expert in the UK, eventually found a way to neutralize WannaCry.
The WannaCry episode illustrated how the most outdated operating systems are vulnerable to attacks. That is why updating your system is a standard security practice.
7. Zeuz (3 billion)
The Zeuz theft tool hit the web for the first time in 2007. In 2010, a security whitepaper by Unisys blamed it for 44% of all banking malware attacks. By the time Zeuz was dissected and understood, it was comfortably installed in the computers of about 88% of the Fortune 500 corporations, over 2000 other organizations, and 76,000 computers in 196 countries.
The thing about Zeus is that it wasn’t merely a single piece of code that knew how to misbehave. It was more like a suite, including several programs composing the global Zeus botnet. The Zeuz attacks aimed to hijack the victim’s computers on behalf of the remote “botmaster.”
Zeuz arose from Eastern Europe and transferred money into secret bank accounts.
There was no single, lonely, poor programmer behind Zeuz. Instead, it had an entire organization supporting and profiting from it. In 2010, more than 100 members of the virus crime ring were arrested.
Zeuz is not as prominent at present, but it spawned a new generation of malware as other developers used pieces of the Zeuz code to integrate into their own, more recent, worms and viruses.
Zeuz-related documented damage ascended to 100 million USD. But that’s just the number you can back up with hard evidence. The costs in terms of lost productivity, morale, and undocumented theft must be several times higher. If we estimate all that damage and adjust for inflation, Zeuz costs at least 4 billion USD while active.
8. Code Red (2.4 billion)
The Code Red worm came to light in 2001 and invaded about 975,000 hosts.
It announced its presence by shouting “Hacked by Chinese!” on the infected web pages and entirely used the targeted computer’s memory for execution. Unfortunately, it left no trace in the hardware (like files on a hard drive), which complicated the forensic analysis.
The damage ran into 2.4 billion USD.
This virus went against the infected computers’ websites and ran a DDoS attack against the U. S. government’s White House website. That is why the White House could only neutralize Red Code after it changed its webpage’s IP address.
9. Slammer (1.2 billion)
SQL Slammer was a 2003 worm that infected 200,000 computers and incurred 750 million USD in damages. It’s one of the most sophisticated worms on our top twelve list of worst PC virus types.
Slammer would randomly select an IP address and explore the security vulnerabilities in the target system. If the target environment were feasible for the attack, it would replicate the target system. Once it had many infected computers ready, it launched DDoS attacks on some selected internet servers, thus ruining their traffic.
Banking computers in the US and Canada had the worst experience with Slammer. The worm even forced ATMs to go offline in multiple places. Account-holders at Toronto’s Imperial Bank of Commerce found themselves helpless to recover their saved money.
No definitive solution was ever found to prevent SQP Slammer infections. In fact, 2016 saw the attack surface again from computers located in Mexico, China, and Ukraine.
10. CryptoLocker (665 million)
CrypoLocker appeared in 2013, and it was one of the worst computer viruses that gave rise to the ransomware attacks the world’s seen since then.
The estimated number of systems with a CryptoLocker infection is about a quarter million. This software slowly encrypts the files on a computer, carefully choosing those that can have a critical value for the computer’s owner.
Once the ransomware is done encrypting, CryptoLocker displays the ransom note reading, “Your important files encryption produced on this computer.” (We don’t understand it either. It seems you can write excellent and effective code without mastering English.) This message comes along a payment demand, leaving no doubts about what to do next: you pay for the privilege of deciphering your very own files, or you lose all control over your system.
CryptoLocker used the Gameover Zeus botnet to distribute and install millions of CryptoLocker copies in vulnerable systems.
Sophos Security estimates the cost of average ransomware hit at 133,000 USD. If we estimate additionally that CryptoLocker successfully attacked some 5000 corporations, the total cost would have been around 665 million USD, give or take (a lot).
11. Sasser (500 million)
Sven Jaschan was a computer science student in Germany, 17 years old. So he couldn’t drive or buy alcohol or cigarettes, but he could write the code in the Sasser worm.
By the time he got arrested in 2004, he was already of age. There was a 250,000 bounty on his head as the creator of Sasser. However, one of his friends blew the whistle on him. According to this “friend,” he wasn’t responsible for Sasser alone. Instead, he also created the Netsky.AC. (This one didn’t make our list, but that wasn’t good when it happened.)
The legal system gave Mr. Jaschan a suspended sentence when it became clear that he was a minor as he was writing the code.
Sasser crashed millions of computers globally, and with an apparently low infection rate, it incurred damages of around 500 million USD.
12. Melissa (80 million)
Melissa is a name in Greek mythology that refers to the first honey bee. But in 1999, a Florida exotic dancer called Melissa caught the attention of David L. Smith, the author of the eponymous computer virus.
This one started as an infected Word document that the author posted to the Usenet. He persuaded thousands of Usenet lurkers to download it, claiming it was a working password list for adult websites. Eventually, the unavoidable incident happened as people downloaded and opened the file. Upon opening, a macro in the file would come alive and release its payload. Thus, Melissa reproduced itself.
Following the execution, Melissa malware would mail itself to the top 50 contacts in the user’s email directory. This increase in traffic alone was enough to disrupt the world’s email services at that time. In addition, Melissa would show itself by inserting a Simpsons reference into the corrupted Word files now and then.
Mr. Smith uploaded the fateful Word file through a stolen AOL account. Unfortunately for him, this allowed the authorities to trace the file back to him, so they arrested him before a week had passed.
Once caught, he worked with the FBI to capture other virus writers –the Anna Kournikova virus author being the most well-known case.
His cooperation earned him a reduced sentence (20 months) and a 5000 USD fine — he was supposed to serve ten years.
Melissa’s economic damage reportedly was 80 million USD.
Other famous malicious computer viruses
The top twelve worst worms and viruses in digital history are a drop in the ocean.
Until today, we’ve seen so many other wrongdoing pieces of code that picking only twelve became impossible considering the documented economic damage they inflicted.
But it doesn’t mean that all the rest lag behind in their maliciousness. Here are a few more worthy mentions extending the legacy of the worst computer viruses:
- Mimail. It collected data from its infected hosts to launch a series of DDoS attacks.
- Yaha. Experts suspect this bug resulted from the digital war India and Pakistan have been fighting for years. It had several variants.
- Swen. This one was written in C+, marking it more sophisticated than your usual average virus. Swen made your computer think it was a 2003 operating system update; then it infected it. This bug’s damage was about 10.4 billion.
- Tanatos or Bugbear. A keylogger from 2002. It went after systems within the financial apparatus in 150 countries. It’s probably among the least pernicious animals on the list.
- Sircam. Did you ever get an email with the subject “I sent you this file to have your advice.”? Congratulations, you know Sircam!
- Explorezip. Yet another worm using fake emails to spread around the world. It’s also among the worst computer infection attacks in history targeting local networks.
- Flashback. The Apple community has historically felt very (falsely) safe regarding viruses and security. So, Flashback, a Mac-only malware, took advantage of the community’s overconfidence to reach the computers at the Apple Headquarters in Cupertino, California, in 2012.
- Stuxnet. Have you heard about the destruction of Iranian nuclear centrifuges by external agencies exploiting the security flaws in Windows? Well, Tuxnet was the thing that did the trick. It sent the centrifuges instructions that caused them to suffer irreparable damage.
Self-modifying computer viruses and how they work?
Self-modifying computer viruses go beyond the normal replication and reproduction of computer viruses. They can modify themselves during the replication process, causing changes in their malicious code.
These viruses can be categorized into two: Metamorphic and Polymorphic. Polymorphic viruses are more sophisticated because they use encryption algorithms to decrypt and re-encrypt their code, while Metamorphic viruses propagate with variances. Once a host is infected, these viruses can change their code to avoid detection by security measures. Self-modifying viruses pose an even greater risk to computer systems than regular viruses.
The virus and the worm: What is the difference?
The difference between a virus and a worm is very straightforward to understand. A virus is a parasitic code that needs another program to activate it or make it work. On the other hand, a worm can run without any help. That is, it’s self-contained and can replicate, send copies of itself, and do whatever it wants.
How a computer gets a virus
A virus is designed to disrupt normal computer operations by replicating itself and infecting other computers. These viruses can cause significant harm to your computer, such as erasing the hard drive, deleting documents, or even disrupting programs. Even less harmful viruses can slow down your device’s performance, which can cause frustration and affect productivity.
The first and easiest way a computer can get a virus is through links from unknown sources or email attachments. Cybercriminals often impersonate trusted sources, such as brands you follow, employers, or your friends, to get you to click on malicious links or attachments. This is why you should check the sender’s email address and be cautious when clicking links or opening attachments, as you may be just one click away from infecting your computer.
Another way computers can get a virus is by downloading programs or software from unknown sources. To avoid this, installing programs from your system’s app store is best, as they have already been tested and meet the store’s security requirements. Reading reviews before downloading any software from unknown sources can also help avoid malicious programs.
Malvertising is another way that your computer can get a virus. This underground business involves criminals using online ads to perform fraudulent activities, such as installing malicious software on your computer. You can use a browser extension that blocks all ads on a website, or an anti-malvertising tool can help protect your computer.
Worst habits you should avoid to prevent a computer virus
To avoid infections, you must be alert and attentive to your computer behavior. But, since not every virus works the same way, you cannot generalize how your computer should act upon getting a virus.
Nonetheless, you can avoid a few careless habits that often lead to virus infections on your computer, phone, or any other device.
Sharing your personal data
For example, if somebody asks for your personal information in an email, see a red flag.
Do you have an email from AppleSupport2348@gmail.com? Well, Apple Support employees don’t use Gmail for work.
Likewise, be paranoid about attachments. (Your late distant granny would have preferred contacting you directly instead of asking somebody else to hand over her remaining property to you.) You’re just a click away from an infection at all times!
Trusting every email that reaches your inbox
Not every email you receive is legit. So don’t be curious and avoid clicking on links or opening attachments if you aren’t sure what’s waiting for you there.
Downloading software from a random online source
You can’t be familiar with every software developer worldwide, of course. But if you’re going to install a new software of any type, make sure you validate by searching for reviews, reading them thoroughly, and visiting the company’s website. If this friendly little software you’re keen to install has no reviews, website, users, etc., then it’s probably not a clean program you should install. Ignoring these red flags will only make your computer vulnerable to the worst virus attacks.
Viewing or clicking on ‘attractive’ ads
Today, digital advertising is the bane of computer security. This is because a lot of malware spreads through ads on malicious websites. It even has a name, “malvertising,” because it’s become a well-established way for criminals to spread their software.
You can prevent this risk by avoiding fishy sites. But, of course, not all the ads in the world are dangerous. Or you could adopt a more active measure. For example, some VPN services can block ads. Likewise, you can use the more dedicated tools — the adblockers — for this purpose.
Running after free WiFi
While free WiFi hotspots are an attractive marketing strategy for hotels and other public places, they are seldom secure. Often, these public WiFi harbor cybercriminals who keep looking for victims to infect their devices and steal data.
Unless you have a robust antivirus and a VPN on your device, avoid connecting to such free WiFi to protect your online privacy and security.
Has your computer got a virus? Find out!
It’s never been easier to find out if there’s a virus on your computer. Just open your antivirus and see what it tells you. For example, Windows 10 has a Windows Security feature, which includes an impressive protection tool against viruses, the Windows Defender. So search for “Windows Security” and read what it says about the last scan. You can even turn on its notifications to watch when and how it scans your system.
How to protect against new computer viruses
Computer viruses can be devastating, and you can easily become the victim of an attack. Fortunately, you can employ the following measures to stay safe.
Use antivirus software
Antivirus software adds extra protection against malware. It will scan programs on your device for any suspicious files, and you can delete or quarantine them.
Update your operating system and software
Most operating systems and software applications notify you when updates are available, which could fix bugs that leave you vulnerable to viruses.
Therefore, you must update your antivirus software to flag the latest viruses. Moreover, operating systems update patch security vulnerabilities that hackers can exploit.
Use a VPN
Pairing an antivirus with a VPN creates a formidable security alliance. While an antivirus shields against malware threats, a VPN encrypts your internet connections to protect your data. Therefore, you must subscribe to a reliable VPN service like NordVPN.
How did we classify those computer viruses as ‘worst’?
The study of computer malware is not an established science at all. In fact, much of it relies on artistic intuition, ironically. So, how did we choose our top twelve entries for the most malicious computer viruses?
We considered estimates of lost work, infection length, and the estimated number of infections. Also, cleaning up a virus takes resources, and we considered that too. Unfortunately, the damage due to computer malware is an economic statistic that no government in the world reports officially, so there’s always a lot of guesswork involved.
Don’t worry if you compare our numbers with those in other reports and find differences. The truth is that nobody has any accurate data. Still, we considered several reports and shared with you something that was somehow common among the various sources.
FAQs
Yes, a virus can spread across many computers. This happens when one computer in a network is infected with a virus, and other computers in the same network are not protected adequately. The virus spreads across the network, targeting computers with vulnerabilities to exploit.
Mydoom is the most dangerous computer virus as it can spread across the internet at unprecedented speed. This virus exploited computer systems and network vulnerabilities, causing an estimated $38 billion in damage. Although it still exists, it’s behind only 1% of the world’s phishing emails.
The internet contains millions of malware; over 500,000 new ones are discovered and detected daily.
Yes. A Trojan is malware that disguises itself as legitimate software or files. It relies on the user to execute it to carry out an attack. The most common forms of trojan attacks include stealing data, taking control of the computer, and opening up a backdoor for other malware to enter.