A List of the Deadliest Computer Viruses in History

Computer viruses come in all shapes and forms. Some can be annoying but harmless, while others can damage an entire nation’s nuclear program. Part of the difficulty in compiling a list of viruses is that there is no agreed definition of what constitutes a virus, and that some viruses which seem to be new at discovery turn out to be variants of older viruses. With all that in mind, I’ve compiled this list of the top computer viruses. So read on if you want to learn about the ten deadly viruses in history.

1. ILOVEYOU

Considered one of the most virulent computer viruses ever created, ILOVEYOU infected one tenth of all Internet-connected computers in ’00, with an estimated $15 billion in damages. It was so bad that governments (Pentagon, CIA and UK Parliament) and large corporations took their mailing systems offline to prevent infection.

It was created by Reonel Ramones and Onel de Guzman (both Filipino programmers). It used social engineering (the psychological manipulation of people into performing actions) to get people to click on the attachment; the email’s subject line would say that it was a love letter from a secret admirer. The attachment was actually a script that posed as a TXT file (it relied on flaws in Windows that let it hide the fact that it was not a text file but a .vbs file).
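A defender-side check for the disguised attachment described above, added here as an example and not code from the original article: it parses a message and flags attachment names where a document-looking extension sits in front of an executable one. The extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Extensions Windows runs directly or hands to a script host (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".scr", ".pif",
                   ".exe", ".bat", ".cmd", ".com"}
# Extensions a reader takes for a harmless document or picture.
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".xls"}


def classify_attachment(filename):
    """Return 'double-extension', 'executable' or 'ok' for one attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    name = filename.strip().rstrip(". ").lower()
    # Strip padding inside each piece: "a.txt      .vbs" must not slip through.
    exts = ["." + piece.strip() for piece in name.split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return "double-extension"  # the real type hides behind a decoy extension
    return "executable"


def scan_message(raw_bytes):
    """Return [(filename, verdict)] for every attachment that is not 'ok'."""
    findings = []
    for part in message_from_bytes(raw_bytes).walk():
        filename = part.get_filename()
        if filename:
            verdict = classify_attachment(filename)
            if verdict != "ok":
                findings.append((filename, verdict))
    return findings


def build_sample():
    """Constructed test message; the attachment body is an inert comment line."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Kindly check the attached letter.")
    msg.add_attachment(b"' inert placeholder\n", maintype="application",
                       subtype="octet-stream", filename="LETTER.TXT.vbs")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A mail gateway would normally quarantine both verdicts; the separate `double-extension` label is useful for alerting, since a decoy extension signals intent to deceive rather than a careless sender.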

Once clicked, it would send a copy of itself to everyone in the user’s mailing list and proceed to overwrite files with itself, making the computer unbootable. Due to the lack of any laws about malware at the time, the two were never charged. This led to the enactment of the E-Commerce Law to address the problem.

2. Code Red

One of the most well-known viruses to date, Code Red first surfaced in ’01 and was discovered by two eEye Digital Security employees, Marc Maiffret and Ryan Permeh. It was so named because the two were drinking Code Red Mountain Dew at the time of discovery.

The worm targeted computers running Microsoft’s Internet Information Services (IIS) web server, exploiting a buffer overflow problem in the system. It left very little trace on the hard disk, as it was able to run entirely in memory, with a size of around three bytes.

Once a machine was infected, the worm would actively look for other machines on the network to attack. It would then launch a DoS attack on several IP addresses, the most famous of which was the attack on the White House website. It also opened a backdoor on the server, allowing remote access to the machine.

The most memorable symptom was that it would deface the affected web pages with the words “Hacked by Chinese!” A patch was later released by Microsoft, and it was estimated that the worm caused over $2 billion in damages. Between 1 and 2 million computers were infected overall.

3. Melissa

Created by David L. Smith in ’99, Melissa started as an infected Word document that was posted to the alt.sex newsgroup, claiming to be a list of passwords for various Web sites that require memberships.

Once downloaded and opened, it would disable various safeguards in Word 97 or 2000 and then mail itself to the top 50 addresses in the victim’s email address book. This caused an increase in email traffic, disrupting the email services of governments and corporations (including Microsoft Corporation & Intel).

The Word document was traced back to Smith. After a lengthy trial process, Smith lost his case and received a 20-month jail sentence. The court also fined Smith $5,000 and forbade him from accessing computer networks without court authorization. The virus reportedly caused $80 million in damages.

4. Sasser

Created by Sven Jaschan (also the creator of the Netsky worm), Sasser is a Windows worm that was first discovered in ’04. It worked by scanning random IP addresses until it found one that was vulnerable. It would then connect to that computer via the vulnerable port and instruct it to download the virus, using a buffer overflow in Microsoft operating systems such as Windows 2000 and Windows XP. The payload would slow down and crash the computer, while making it hard to reset without cutting the power.

Although the flaw it exploited had already been patched, millions of computers were still infected because they had not been updated, taking out critical infrastructure such as airlines, public transportation, hospitals, and so forth. It caused around $18.1 billion of damage. Sven was tried as a minor and received a twenty-one month suspended sentence.

5. Conficker

First identified in ’08, Conficker, which is also known as Downup or Downadup, is a worm that targets the Windows operating system. The malware infects computers using flaws in the operating system to create a botnet.

One of the largest known worm infections in history, it infected millions of computers around the globe, affecting governments, businesses and individuals, and caused an estimated $9 billion in damage.

The worm works by exploiting a network service vulnerability that was present and unpatched in Windows. Among the symptoms of Conficker are user accounts being locked, local area networks being flooded with traffic, and access to Windows Update and antivirus sites being blocked.

It then proceeds to install software that turns the computer into a botnet slave, which is then used to distribute spam or install scareware. Microsoft later provided a fix and patch, with many antivirus vendors providing updates to their definitions.

6. Stuxnet

Originally aimed at Iran’s nuclear facilities, Stuxnet is believed to have been created by the Israeli Defence Force together with the American Government (though neither country has openly admitted responsibility). First uncovered in ’10, it was estimated the computer worm managed to ruin 1/5th of Iran’s nuclear centrifuges and that nearly sixty percent of infections were concentrated in Iran.

Stuxnet was designed to attack industrial Programmable Logic Controllers (PLCs), which allow for the automation of processes in machinery.

It traveled on USB sticks and would search each infected PC for signs of Siemens Step 7 software. It altered the speed of the machinery, causing it to burn itself out. If the infected computer didn’t contain Siemens software, it would lie dormant and infect others only in a limited fashion so as not to give itself away. Siemens eventually found a way to remove the malware from their software.

7. Mydoom

First appearing in ’04, Mydoom was a worm for Windows that became one of the fastest-spreading email worms since ILOVEYOU, and it has never been topped since.

The most devastating computer virus to date, it was named by Craig Schmugar (a McAfee employee), one of the first people to discover it. ‘mydom’ was a line of text in the program’s code (my domain) and, sensing this was going to be big, he felt that having ‘doom’ in the name was appropriate.

Mydoom spreads by posing as an email transmission error, with a copy of itself as the attachment. The text of the email contains the rather cryptic message: “andy; I’m just doing my job, nothing personal, sorry.” Once executed, it sends itself to the email addresses in the user’s address book and copies itself to any P2P program’s folder to propagate through that network.

The payload first opens a backdoor to allow remote access, and second, it launches a DoS attack that particularly targeted computers belonging to SCO.com. Although the author is unknown, it was believed that Mydoom was created to disrupt SCO due to a conflict over ownership of some Linux code. It caused over $38 billion in damages and is still active in some shape today.
