The dirty digital dozen – 12 worst computer viruses in history

Ali Qamar Last updated: January 11, 2022

These 12 worst computer viruses have generated billions of dollars via stealth malicious activities.

Did you know the world’s first virus actually emerged more than three decades ago? Yes, apparently, the mother of all viruses, “Brain,” first surfaced online in 1986. Since then, many pieces of malware, harmless and harmful alike, have emerged and disappeared as cybersecurity people learned to cope with them. Nonetheless, a few of these are still the worst computer viruses in the history of computer security.

This article tells you about the top 12 devastating computer viruses to hit the digital arena. Furthermore, these viruses are all ranked according to the extent of financial damages they inflicted on the world. Hence, while they might not look so sophisticated, they undoubtedly proved to be the most successful viruses for cybercriminals.

The top 12 worst computer viruses in digital history

Below we give you the costs, reach, key facts, and other details surrounding each virus. Nonetheless, this is by no means an extensive list of all digital viruses. Instead, they’re just the worst malicious programs known to exist so far.

Every day, we have about 127 million pieces of malware attacking the digital denizens. So the list is infinite for any practical purposes. Our top twelve are the very worst but are not representative at all.

Not all the malware listed below may fall into the category of “viruses” (technically). Instead, we have used the words “virus” and “worm” interchangeably here. This list merely intends to let you know the most devastating malware that has caused huge financial damage until now.

1. Mydoom (38 billion)

The Mydoom outbreak is the worst virus attack ever to happen. Its estimated damage went as high as 38 billion USD (which would be 52.2 USD in current terms after adjusting for inflation). It also went by the name of “Novarg.” It was a worm that spread across the internet through mass emails. While this worm was active, it was responsible for about a quarter of the world’s email traffic.

Once Novarg arrived on a system, it would scan it for fresh addresses. Then it sent copies of itself to those addresses. It also linked the infected computer into a botnet whose purpose was to carry out DDoS (Distributed Denial of Service) attacks. These attacks managed to shut down a website, or a server, by overwhelming it with junk traffic.

The funny thing about Mydoom is that it’s still around. But, unfortunately, it’s behind about 1% of the world’s phishing emails. If 1% strikes you as a meager fraction of those activities, think about this: the phishing traffic is currently about 3.4 billion emails daily. So that one percent represents thousands of millions of emails. So even 16 years after it was at the center of the world, Mydoom still has a life of its own, infecting those devices with the worst protection possible and still producing 1.2 billion copies of itself every year.

The Mydoom author was a wanted man. A quarter-million USD reward was available for his head, but nobody ever found him.


2. Sobig (30 billion)

Sobig appeared in 2003 as another worm, just like Mydoom. However, its success as the most dangerous cyber virus is second only to Mydoom’s as it managed to create about 30 billion USD in worldwide damage. It reached Europe, the US, and Asia. The authors released several Sobig versions in quick succession, known as Sobig.A through Sobig.F. The last one was the worst.

This malware showed itself as a legitimate piece of software attached to emails.

It disrupted the activities of many businesses worldwide, with the Air Canada ticketing being the most famous problem during its time.


3. Klez (19.9 billion)

Klez appeared in 2001, even earlier than the two previous worms. It’s remarkable that, as the world was not as interconnected back then, it still found its way into 7.2% of all PCs existing then on the planet. Klez would send fake emails, spoof known senders, and kill other viruses within a system.

Klez came in many flavors, as other viruses and worms often do. Also, it stayed alive and active for several years, hiding in many of the world’s active networks. During all this time, it kept evolving to release more dangerous iterations.


4. Iloveyou (15 billion)

During the 2000s, this dangerous computer virus would arrive in your inbox disguised as a love letter. But, then, it seemed to be nothing but a plain text file. It followed a strategy similar to Mydoom’s by sending copies of itself to every contact in the infected computer’s email list.

Iloveyou (aka Loveletter) hit the internet on May 4th. And it must have found the force within it because it reached 10 million computers very quickly.

The author was Onel de Guzman, a college student from the Philippines. His original aim was to steal passwords for various online services, quite simply because he didn’t want to pay for the subscriptions. However, it seems that he never intended for his work to spread so much or to do so much damage.


5. WannaCry (4 billion)

The 2017 WannaCry is the first ransomware on our list. It takes over your computer (or cloud files) and encrypts your files to make them unavailable to you. Then it asks you to pay a ransom (hence, the name) to receive the decryptor to unlock your data.

WannaCry arrived at the computers of 150 countries in a single day. It hit all kinds of organizations (hospitals, governmental offices, private businesses), causing massive disruption. And every victim that didn’t pay the ransom fee had to rebuild their digital infrastructure from zero.

The number of hijackings went over 200,000 computers worldwide.

Fortunately, Marcus Hutchins, a 22-year-old security expert in the UK, eventually found a way to neutralize WannaCry.

The WannaCry episode illustrated how the most outdated operating systems are vulnerable to attacks. That is why updating your system is a standard security practice.


6. Zeus (3 billion)

The Zeus theft tool hit the web for the first time in 2007. In 2010, a security whitepaper by Unisys blamed it for 44% of all banking malware attacks. By the time Zeus was dissected and understood, it was comfortably installed in the computers of about 88% of the Fortune 500 corporations, over 2000 other organizations, and 76,000 computers in 196 countries.

The thing about Zeus is that it wasn’t merely a single piece of code that knew how to misbehave. It was more like a suite, and it included several programs that composed the global Zeus botnet. The Zeus attacks aimed to hijack the victim computers on behalf of the remote “botmaster.”

Zeus arose from Eastern Europe and transferred money into secret bank accounts.

There was no single, lonely, poor programmer behind Zeus. Instead, it had an entire organization supporting and profiting from it. In 2010, more than 100 members of the virus crime ring were arrested.

Zeus is not as prominent at present, but it spawned a new generation of malware as other developers used pieces of the Zeus code to integrate into their own, more recent, worms and viruses.

Zeus-related documented damage ascended to 100 million USD. But that’s just the number you can back up with hard evidence. The costs in terms of lost productivity, morale, and undocumented theft must be several times higher. If we estimate all that damage and adjust for inflation, Zeus cost at least about 4 billion USD while active.


7. Code Red (2.4 billion)

The Code Red worm came to light in 2001 and invaded about 975,000 hosts.

It announced its presence by shouting “Hacked by Chinese!” in the infected web pages and ran entirely in the targeted computer’s memory. Unfortunately, it left no trace in persistent storage (like files on a hard drive), which complicated the forensic analysis.

The damage ran into 2.4 billion USD.

This virus targeted the websites on the infected computers and ran a DDoS attack against the U.S. government’s White House website. That is why the White House could only neutralize Code Red after it changed its webpage’s IP address.


8. Slammer (1.2 billion)

SQL Slammer was a 2003 worm that infected 200,000 computers and incurred 750 million USD damages. It’s one of the most sophisticated worms on our top twelve list.

Slammer would select an IP address at random and explore the security vulnerabilities in the target system. If it found the target environment feasible for the attack, it would replicate to the target system. Once it had a good number of infected computers ready, it launched DDoS attacks on some selected internet servers, thus ruining their traffic.

Banking computers in the US and Canada had the worst experience with Slammer. The worm even forced ATMs to go offline in multiple places. Account-holders at Toronto’s Imperial Bank of Commerce found themselves helpless to recover their saved money.

No definitive solution was ever found to prevent SQL Slammer infections. In fact, 2016 saw the attack surface again from computers located in Mexico, China, and Ukraine.


9. CryptoLocker (665 million)

CryptoLocker appeared in 2013, and it was one of the worst computer viruses that gave rise to the ransomware attacks the world’s seen since then.

The estimated number of systems with a CryptoLocker infection is about a quarter million. This bit of software slowly encrypts the files in a computer, choosing carefully those that can have a critical value for the computer’s owner.

Once the ransomware is done encrypting, CryptoLocker displays the ransom note reading, “your important files encryption produced on this computer.” (We don’t understand it either. It seems you can write excellent and effective code without mastering English.) This message comes along with a payment demand, leaving no doubts about what to do next: you pay for the privilege of deciphering your very own files, or you lose all control over your system.

CryptoLocker used the Gameover Zeus botnet to distribute and install millions of CryptoLocker copies in vulnerable systems.

Sophos Security estimates the cost of an average ransomware hit at 133,000 USD. If we estimate additionally that CryptoLocker successfully attacked some 5000 corporations, the total cost would have been around 665 million USD, give or take (a lot).


10. Sasser (500 million)

Sven Jaschan was a computer science student in Germany, 17 years old. So he couldn’t drive, buy alcohol or cigarettes, but he was perfectly capable of writing the code in the Sasser worm.

By the time he got arrested in 2004, he was already of age. There was a 250,000 bounty on his head, as the creator of Sasser. However, one of his friends blew the whistle on him. According to this “friend,” he wasn’t responsible for Sasser alone. He also created Netsky.AC. (This one didn’t make our list, but it wasn’t good when it happened either.)

The legal system gave Mr. Jaschan a suspended sentence when it became clear that he was a minor as he was writing the code.

Sasser crashed millions of computers globally, and with an apparently low infection rate, it incurred damages of around 500 million USD.


11. Melissa (80 million)

Melissa is a name in Greek mythology, and it refers to the first honey bee. But in 1999, there was also a Florida exotic dancer called Melissa who caught the attention of David L. Smith, the author of the eponymous computer virus.

This one started as an infected Word document that the author posted to the Usenet. He persuaded thousands of Usenet lurkers to download it, claiming it was a list of working passwords for adult websites. Eventually, the unavoidable incident happened as people downloaded the file and opened it. Upon opening, a macro in the file would come alive and release its payload. Thus Melissa reproduced itself.

Following the execution, Melissa malware would mail itself to the top 50 contacts in the user’s email directory. This increase in traffic alone was enough to disrupt the world’s email services at that time. In addition, Melissa would show itself by inserting a Simpsons reference into the corrupted Word files now and then.

Mr. Smith uploaded the fateful Word file through a stolen AOL account. Unfortunately for him, this allowed the authorities to trace the file back to him, so they arrested him before a week had passed.

Once caught, he worked along with the FBI to capture other virus writers, the Anna Kournikova virus author being the most well-known case.

His cooperation earned him a reduced sentence (20 months) and a 5000 USD fine — he was supposed to serve ten years.

Melissa’s economic damage reportedly was 80 million USD.


12. Conficker (9 billion)

Conficker, or Downup or Downadup, is a worm of unknown origin for Windows that first showed its ugly face in 2008. This malware proved how dangerous the overabundant security gaps in Windows could become as it exploited them to create a botnet.

Nine million systems became hosts to Conficker in every imaginable country, belonging to private businesses, governments, and individuals.

Very few worms managed to infect so many computers and do so much damage — nine billion USD.

The virus used a vulnerability in a Windows network service that Microsoft took too long to patch. The active infection reset account lockout policies, blocked the Windows update and antivirus websites, turned off the services that could identify it, and locked out specific user accounts. But that’s just laying the ground. Once all those changes are in place, the worm downloads and installs another piece of software that turns the computer into a slave in a botnet.


Other famous malicious computer viruses

The top twelve worst worms and viruses in digital history are a drop in the ocean.

Until today, we’ve seen so many other wrongdoing pieces of code that picking only twelve was possible only by considering the documented economic damage they inflicted.

But it doesn’t mean that all the rest lag behind in their maliciousness. Here are a few more worthy mentions extending the legacy of the worst computer viruses:

  • Mimail. It collected data from its infected hosts to launch a series of DDoS attacks.
  • Yaha. Experts suspect that this bug resulted from the digital war that India and Pakistan have been fighting for years. It had several variants.
  • Swen. This one was written in C++, marking it as somehow more sophisticated than your usual average virus. Swen made your computer think it was a 2003 operating system update; then it infected it. This bug’s damage was about 10.4 billion.
  • Tanatos or Bugbear. A keylogger from 2002. It went after systems within the financial apparatus in 150 countries. It’s probably among the least pernicious animals on the list.
  • Sircam. Did you ever get an email with the subject “I send you this file in order to have your advice.”? Congratulations, you know Sircam!
  • Explorezip. Yet another worm using fake emails to spread around the world. It’s also among the deadliest computer viruses in history that attacked local networks.
  • Flashback. The Apple community has historically felt very (falsely) safe regarding viruses and security. So, Flashback, a Mac-only malware, took advantage of the community’s overconfidence to reach the computers at the Apple Headquarters in Cupertino, California, in 2012.
  • Stuxnet. Have you heard about the destruction of Iranian nuclear centrifuges by external agencies exploiting the security flaws in Windows? Well, Stuxnet was the thing that did the trick. It sent the centrifuges instructions that caused them to suffer irreparable damage.

The virus and the worm: What is the difference?

The difference between a virus and a worm is very straightforward to understand. A virus is a parasitic code that needs another program to activate it or make it work. On the other hand, a worm can run without any help. That is, it’s self-contained and can replicate, send copies of itself, and do whatever it wants.

How does a computer get a virus?

Viruses and worms get into systems in many ways. Sometimes, the device’s primary user does the hard work.

For instance, the most frequent method of getting infections right now is to click on attachments, open files, or follow links in unwanted emails.

Keep in mind that the definition of “unwanted” mail includes messages that seemingly come from trusted sources (friends, family, colleagues, trusted websites, or companies). How is that possible? Because many a virus will impersonate somebody else to persuade you to open that link or launch that file.

Worst habits that you should avoid to prevent a computer virus

If you’re going to avoid infections, you need to be alert and pay attention to your computer behavior. But, since not every virus works the same way, you cannot generalize how your computer should act upon getting a virus.

Nonetheless, you can certainly avoid a few careless habits that often lead to virus infections on your computer, phone, or any other device.

Sharing your personal data

For example, if somebody asks for your personal information in an email, treat it as a red flag.

Do you have an email from AppleSupport2348@gmail.com? Well, Apple Support employees don’t use Gmail for work.

Likewise, be paranoid about attachments. (Your late distant granny would have preferred contacting you directly instead of asking somebody else to hand over her remaining property to you.) You’re just a click away from an infection at all times!
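The sender check described above (a brand name on a free webmail address) can be automated. The sketch below is an added example, not part of the original article; the brand list, the webmail list, and every sample header except AppleSupport2348@gmail.com are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumed, illustrative lists (not from the article): brands mapped to the
# domains they really send from, plus common free webmail domains.
BRAND_DOMAINS = {
    "apple": {"apple.com"},
    "paypal": {"paypal.com"},
    "microsoft": {"microsoft.com"},
}
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}

# Constructed From: header values; only the first address is from the article.
SAMPLES = [
    "AppleSupport2348@gmail.com",
    "Apple Support <no_reply@email.apple.com>",
    '"PayPal Billing" <billing@paypa1-secure.example>',
    "Grandma <nana@example.org>",
]


def domain_matches(domain, legit):
    """True if domain is one of the legit domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in legit)


def check_sender(from_header):
    """Return (verdict, reason) for a raw From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("suspicious", "unparseable sender address")
    local, _, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    # The brand may be claimed in the display name or in the local part.
    # Substring matching is deliberately crude and will over-match.
    claimed = (display + " " + local).lower()
    for brand, legit in BRAND_DOMAINS.items():
        if brand not in claimed:
            continue
        if domain_matches(domain, legit):
            return ("ok", f"{brand} mail from {domain}")
        if domain in FREE_WEBMAIL:
            return ("suspicious",
                    f"claims {brand} but sent from free webmail {domain}")
        return ("suspicious",
                f"claims {brand} but sent from unrelated domain {domain}")
    return ("unknown", "no known brand claimed")


def triage(headers):
    """Return only the headers that should be flagged to the user."""
    return [h for h in headers if check_sender(h)[0] == "suspicious"]


if __name__ == "__main__":
    for header in SAMPLES:
        verdict, reason = check_sender(header)
        print(f"{verdict:10} {header}  ({reason})")
```

An "ok" verdict only means the visible address is consistent with the brand; the From header can itself be forged, which is how worms such as Klez posed as known senders.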


Trusting every email that reaches your inbox

Not every email you receive is legit. So don’t be curious and avoid clicking on links or opening attachments if you aren’t sure about what’s waiting for you there.


Downloading software from a random online source

You can’t be familiar with every software developer in the world, of course. But if you’re going to install new software of any type, make sure you validate it by searching for reviews, reading them thoroughly, and visiting the company’s website. If this friendly little software you’re keen to install has no reviews, website, users, etc., then it’s probably not a clean program that you should install.


Viewing or clicking on ‘attractive’ ads

Today, digital advertising is the bane of computer security. This is because a lot of malware spreads through ads on malicious websites. It even has a name, “malvertising,” because it’s turned into such a well-established way for criminals to spread their software.

You can prevent this risk by avoiding fishy sites. But, of course, not all the ads in the world are dangerous. Or you could adopt a more active measure. For example, some VPN services can block ads. Likewise, you can use the more dedicated tools — the adblockers — for this purpose.


Running after free WiFi

While free WiFi hotspots are an attractive marketing strategy from hotels and other public places, they are seldom secure. Often, these public WiFi networks harbor cybercriminals who keep looking for victims to infect their devices and steal data.

Unless you have a robust antivirus and a VPN on your device, avoid connecting to such free WiFi to protect your online privacy and security.


Has your computer got a virus? Find out!

It’s never been easier to find out if there’s a virus on your computer. Just open your antivirus and see what it tells you. For example, Windows 10 has a Windows Security feature, which includes an impressive protection tool against viruses, the Windows Defender. So search for “Windows Security” and read what it says about the last scan. You can even turn on its notifications to watch when and how it scans your system.

How did we classify those computer viruses as ‘worst’?

The study of computer malware is not an established science at all. In fact, much of it relies on artistic intuition, ironically. So how did we choose our top twelve entries for the most malicious computer viruses?

We considered estimates of lost work, infection length, and the estimated number of infections. Also, cleaning up a virus takes resources, and we considered that too. But unfortunately, the damage due to computer malware is an economic statistic that no government in the world reports officially, so there’s always a lot of guesswork involved in this.

Don’t worry if you compare our numbers with those in other reports and find differences. The truth is that nobody has any accurate data. Still, we considered several reports and shared with you something that was somehow common among the various sources.

Conclusion

The world spends at least 55 billion USD cleaning up and repairing the damage that results from the spread of viruses and worms. Mydoom has the record for damage, at 38 billion, but there have been many other strong hits. And even when a given virus doesn’t seem to cost that much money, the damage in terms of time wasted, trust in the system, and other things that are impossible to quantify remain there.

However, the future looks bright regarding malware and virus prevention measures. Today’s digital security technology is better and more cost-effective than ever. As long as you take care of your digital and computer security, even the worst viruses can’t harm you. Just keep your system updated at all times, get a good antivirus suite, and apply cybersecurity best practices to stay safe online.

Above all, remain aware. Keep visiting our site to educate yourself on privacy, anonymity, and security issues so you can always keep yourself a step ahead of the rest. Stay safe. Stay private.

About the Author

Ali Qamar

Ali Qamar is the founder of PrivacySavvy, which he started out of the sheer passion for making every internet user privacy savvy. Ali has always been concerned about security and privacy for the general public and is very libertarian. He has been a privacy advocate since even before Edward Snowden appeared with his revelations about NSA's mass surveillance. Ali graduated with a computing degree from the leading IT college in Pakistan, so he boasts a background in this area. He has an accountable understanding of the technical sides of encryption, VPNs, and privacy. Ali is regularly quoted in the privacy and security reports by the local press. His contributions have been featured in SecurityAffairs, Ehacking, HackRead, Lifewire, Business.com, Intego, InfosecMagazine, and many more publications online. Ali is naturally attracted to transforming things.