10 Deadliest Computer Viruses of All Time

Experiencing a Computer Virus is something many users have faced at one point or another. For most, it’s a minor inconvenience that calls for a system cleanup and the overdue installation of that antivirus software you’ve been planning to set up.

However, in some instances, the impact can be devastating, rendering your computer an expensive paperweight that no antivirus software can salvage.

In this article, we’ll spotlight some of the most damaging and notorious computer viruses that have inflicted real-world harm. We’re broadening our scope to include general malware like worms and trojan horses, as these have also caused significant damage, amounting to billions of dollars and affecting essential infrastructure.

Let’s dive into the 10 most notorious and harmful computer viruses you should know about.

1. The ILOVEYOU Virus

This virus caused chaos worldwide, inflicting an estimated $10 billion in damages. It’s believed that 10% of the world’s computers were infected. The situation was so dire that governments and large corporations had to take their email systems offline to prevent further spread.

The virus was the work of two Filipino programmers, Reonel Ramones and Onel de Guzman. It leveraged social engineering to trick people into opening an attachment that appeared to be a love confession. However, the attachment was actually a malicious script disguised as a TXT file.

Once activated, the virus would send itself to everyone in the user’s email list and overwrite files, rendering the computer unusable. The creators were never prosecuted due to a lack of relevant laws at the time, which led to the introduction of the E-Commerce Law.

2. The Code Red Worm

The Code Red worm emerged in 2001 and was discovered by two eEye Digital Security employees. It was named Code Red as the discoverers were consuming Code Red Mountain Dew at the time.

This worm targeted systems with Microsoft’s IIS web server installed, exploiting a buffer overflow vulnerability. Remarkably, it operated entirely in memory and was just 3,569 bytes in size.

Upon infection, the worm would replicate itself excessively due to a programming bug, consuming significant system resources. It then launched denial-of-service attacks on various IP addresses, including a notable attack on the White House website, and enabled remote access to the affected server.

The worm became infamous for the message it displayed on compromised web pages: “Hacked By Chinese!”. A patch was eventually released, but not before it cost an estimated $2 billion in lost productivity, affecting 1-2 million servers out of 6 million IIS servers at the time.

3. The Melissa Virus

Named after an exotic dancer from Florida, this virus was created by David L. Smith in 1999. It began as a compromised Word document posted on a Usenet group, claiming to offer passwords for adult content websites. The curiosity it sparked led to widespread downloads, activating the macro inside and releasing its payload.

Once activated, the virus would email itself to the top 50 contacts in the user’s email list, causing a surge in email traffic that disrupted services for governments and corporations. It also occasionally altered documents, inserting references from The Simpsons.

Smith was apprehended when the document was traced back to him. He cooperated with the FBI to capture other malware creators and served only 20 months of a 10-year sentence, along with a $5,000 fine. The virus reportedly caused $80 million in damages.

4. The Sasser Worm

Created by computer science student Sven Jaschan, this worm exploited a buffer overflow vulnerability in the Local Security Authority Subsystem Service (LSASS). While the payload was more of an annoyance—slowing down and crashing computers—it had far-reaching disruptive effects, affecting millions of computers and critical infrastructure.

The worm propagated itself to other machines via the Internet, exploiting systems that hadn’t updated their security. This led to more than a million infections, impacting airlines, news agencies, hospitals, and public transport. The overall damage was estimated at $18 billion. Jaschen was tried as a minor and received a 21-month suspended sentence.

5. The Zeus Trojan

Designed to infect Windows computers, Zeus performs various illicit activities, most commonly man-in-the-browser keylogging and form grabbing. The primary infection methods were drive-by downloads and phishing scams.

First identified in 2009, Zeus compromised thousands of FTP accounts and computers from major corporations and banks, including Amazon, Oracle, and Bank of America. The botnet was used to steal login credentials for social networks, email, and banking accounts.

In the US alone, over 1 million computers were estimated to be infected, with 25% of those in the US. The operation was global, involving individuals worldwide acting as money mules. About $70 million was stolen, leading to the arrest of 100 people connected to the operation.

6. The Conficker Worm

Also known as Downup or Downadup, Conficker is a Windows worm that appeared in 2008. It exploits vulnerabilities in the operating system to create a botnet.

The worm managed to infect over 9 million computers globally, affecting governments, businesses, and individuals. It was one of the largest worm infections ever, causing an estimated $9 billion in damages.

Conficker exploited a network service vulnerability in unpatched Windows systems. Once infected, it would reset account lockout policies, block access to Windows update and antivirus sites, and disable various services. It then installed software to turn the computer into a botnet slave and scareware to extort money from the user. Microsoft and antivirus vendors later released fixes and updates.

7. The Stuxnet Worm

Believed to be a collaborative effort between the Israeli Defence Force and the American Government, Stuxnet serves as a prime example of a virus developed for cyberwarfare. Its primary target was Iran’s nuclear program, and it successfully damaged about one-fifth of Iran’s nuclear centrifuges.

The worm was engineered to attack industrial Programmable Logic Controllers (PLC), which are essential for automating various types of machinery. It specifically targeted Siemens PLCs and was distributed via infected USB drives.

If the infected computer did not have Siemens software, the worm would remain dormant, infecting other computers in a limited manner to avoid detection. Siemens eventually developed a method to remove the malware from their systems.

8. The Mydoom Worm

Emerging in 2004, Mydoom is a worm designed for Windows systems and became one of the fastest-spreading email worms since ILOVEYOU. The creator remains unknown, but a text message within the code suggests it was a commissioned job.

The worm propagates by disguising itself as an email transmission error, complete with an attachment of the worm. Once activated, it sends itself to email addresses found in the user’s address book and also copies itself into any folder of P2P programs to spread through that network.

Its payload serves two purposes: it opens a backdoor for remote access and launches a denial-of-service attack against the SCO Group. The attack was likely motivated by a conflict over Linux code ownership. The worm caused an estimated $38.5 billion in damages and remains active in some forms today.

9. The CryptoLocker Ransomware

CryptoLocker is a Trojan horse ransomware specifically designed to target Windows computers. It spreads through various means, including email, and encrypts files on the infected computer and any connected storage using RSA public key cryptography.

Although removing the malware is straightforward, the encrypted files remain locked. The only way to regain access to the files is to pay a ransom within a specified deadline. Failure to meet the deadline results in an increased ransom or deletion of the decryption keys. The typical ransom is around $400, payable in prepaid cash or Bitcoin.

Law enforcement agencies and security companies eventually gained control over part of the botnet that operated CryptoLocker and Zeus, effectively halting the ransom operation. The ring leader, Evgeniy Bogachev, was charged, and decryption keys were released to affected users. It is estimated that 500,000 computers were infected, with 1.3% of victims paying the ransom, totaling around $3 million.

10. The Flashback Trojan

Unlike most other entries on this list, Flashback specifically targeted Mac computers, dispelling the myth that Macs are immune to malware. Initially discovered in 2011, it posed as a fake Flash installer.

In its evolved form, the Trojan infects users who have Java enabled. It spreads by compromising websites that contain JavaScript code to download the payload. Once installed, the infected Mac becomes part of a botnet.

The good news is that the infection is limited to the specific user’s account. However, more than 600,000 Macs were infected, including 274 located in Cupertino, the headquarters of Apple. Oracle and Apple have since released fixes, but as of 2014, an estimated 22,000 Macs remain infected.