Computers viruses, worms, ransomware, etc. are kinds of malicious software that no user should take lightly. On several occasions, we have touched upon security steps that each user should take in order to protect its identity and data. Sadly sometimes even when all precautions are taken some malware can still slip through and wreak havoc. Today we are looking at some of the worst or the best, depending on your view that has indeed wreaked plenty of havoc.
10 worst computer viruses in history
In the list of the 10 most famous computer viruses below, we show the costs, dates, reach, and other key facts. First a note about terms: we use the words “virus” and “worm” interchangeably because most readers search for them that way. But there’s a subtle difference that we explain after the list.
1. Mydoom – $38 billion
The worst computer virus outbreak in history, Mydoom caused estimated damage of $38 billion in 2004, but its inflation-adjusted cost is actually $52.2 billion. Also known as Novarg, this malware is technically a “worm,” spread by mass emailing. At one point, the Mydoom virus was responsible for 25% of all emails sent.
Mydoom scraped addresses from infected machines, then sent copies of itself to those addresses. It also roped those infected machines into a web of computers called a botnet that performed distributed denial of service (DDoS) attacks. These attacks were intended to shut down a target website or server.
Mydoom is still around today, generating 1% of all phishing emails. That’s no small feat considering the 3.4 billion phishing emails sent each day. By that figure, Mydoom has taken on a life of its own, infecting enough poorly-protected machines to send 1.2 billion copies of itself per year, 16 years after its creation.
Though a $250,000 reward was offered, the developer of this dangerous computer worm was never caught.
Wondering what makes the world’s most secure computers so safe? See the Tech@Work guide: Upgrade to the World's Most Secure and Manageable PC
2. Sobig – $30 billion
The 2003 Sobig computer virus is actually another worm. It is second only to the Mydoom virus in its scope. The $30 billion figure is a worldwide total, including Canada, the U.K., the U.S., mainland Europe, and Asia. Several versions of the worm were released in quick succession, named Sobig.A through Sobig.F, with Sobig.F being the most damaging.
This cybercriminal program masqueraded as legitimate computer software attached to emails. It disrupted ticketing at Air Canada and interfered with countless other businesses. Despite its widespread damage, the creator of the successful bug was never caught.
3. Klez – $19.8 billion
Klez is a close third on the list of the worst computer viruses ever created. With nearly $20 billion in estimated damages, it infected about 7.2% of all computers in 2001, or 7 million PCs. The Klez worm sent fake emails, spoofed recognized senders and, among other things, attempted to deactivate other viruses.
As with other viruses and worms, Klez was released in several variants. It infected files, copied itself, and spread throughout each victim’s network. It hung around for years, with each version more destructive than the last.
Windows has come a long way since most of the computer viruses on this list hit the web. Thankfully, built-in protection with Microsoft Defender is always on the watch.
4. ILOVEYOU – $15 billion
The year 2000’s ILOVEYOU virus worked by sending a bogus “love letter” that looked like a harmless text file. Like Mydoom, this attacker sent copies of itself to every email address in the infected machine’s contact list. Shortly after its May 4 release, it had spread to more than 10 million PCs.
The virus was created by a college student in the Philippines named Onel de Guzman. Lacking funds, he wrote the virus to steal passwords so he could log into online services he wanted to use for free. He reportedly had no idea how far his creation would spread. This virus is also known as Loveletter.
Need to up your remote work security game before there’s another entry on the list of most deadly computer viruses? See our guide: How to Work Remotely and Securely
5. WannaCry – $4 billion
The 2017 WannaCry computer virus is ransomware, a virus that takes over your computer (or cloud files) and holds them hostage. The WannaCry ransomware ripped through computers in 150 countries, causing massive productivity losses as businesses, hospitals, and government organizations that didn’t pay were forced to rebuild systems from scratch.
The malware raged like wildfire through 200,000 computers worldwide. It stopped when a 22-year-old security researcher in the U.K. found a way to turn it off. Computers with out-of-date operating systems were hit especially hard. That’s why security experts always recommend updating your systems frequently.
Ransomware strikes again
In September 2020, one of the potentially largest computer virus attacks in medical history hit Universal Health Services. The U.S. hospital chain, which has more than 400 locations, was reportedly struck by damaging ransomware. The attack forced the cancellation of surgeries and made healthcare workers switch to paper records.
6. Zeus – $3 billion
The Zeus computer virus is an online theft tool that hit the web in 2007. A whitepaper by Unisys three years later estimated that it was behind 44% of all banking malware attacks. By then, it had breached 88% of all Fortune 500 companies, 2,500 organizations total, and 76,000 computers in 196 countries.
The Zeus botnet was a group of programs that worked together to take over machines for a remote “bot master.” It originated in Eastern Europe and was used to transfer money to secret bank accounts. More than 100 members of the crime ring behind the virus, mostly in the U.S., were arrested in 2010. It’s not as prominent today, but some of the virus’ source code lives on in newer botnet viruses and worms.
Zeus caused documented damage of $100 million. But the real cost in terms of lost productivity, removal, and undocumented theft is undoubtedly much higher. A $3 billion estimate, adjusted for inflation, puts this virus at a cost of $3.7 billion in today’s dollars.
7. Code Red – $2.4 billion
First observed in 2001, the Code Red computer virus was yet another worm that penetrated 975,000 hosts. It displayed the words “Hacked by Chinese!” across infected web pages, and it ran entirely in each machine’s memory. In most cases it left no trace in hard drives or other storage.
Financial costs are pegged at $2.4 billion. The virus attacked websites of infected computers and delivered a distributed denial of service (DDoS) attack on the U.S. White House’s website, www.whitehouse.gov. In fact, the White House had to change its IP address to defend against Cod Red.
Can your printer get a virus? See our cool infographic: The State of Printer Security
8. Slammer – $1.2 billion
The SQL Slammer worm cost an estimated $750 million across 200,000 computer users in 2003. This computer virus randomly selected IP addresses, exploiting vulnerabilities and sending itself on to other machines. It used these victim machines to launch a DDoS attack on several internet hosts, significantly slowing internet traffic.
The Slammer worm hit banks in the U.S. and Canada especially hard, taking ATMs offline in many locations. Customers of Toronto’s Imperial Bank of Commerce found themselves unable to access funds. The attack reared its ugly head again in 2016, launching from IP addresses in Ukraine, China, and Mexico.
9. CryptoLocker – $665 million
Thankfully, ransomware attacks like the 2013 CryptoLocker virus have dipped since their 2017 peak. This malware attacked upwards of 250,000 machines by encrypting their files. It displayed a red ransom note informing users that “your important files encryption produced on this computer.” A payment window accompanied the note.
The virus’ creators used a worm called the Gameover Zeus botnet to make and send copies of the CryptoLocker virus. According to a report by security firm Sophos, the average ransomware attack costs a business $133,000. If we estimate that CryptoLocker hit 5,000 companies, that would put its total cost at $665 million.
Where will cybersecurity go next? See our guide: The Future of Cybersecurity
10. Sasser – $500 million
The Sasser worm was written by a 17-year-old German computer science student named Sven Jaschan. He was arrested at the age of 18 in 2004 after a $250,000 bounty was posted for the computer virus’ creator. A friend of Jaschan’s tipped authorities that the youth had penned not only the Sasser worm but also the damaging Netsky.AC attack.
Jaschan was given a suspended sentence after it was found he was a minor when he wrote the malware. The Sasser worm crashed millions of PCs, and though some reports put damages at $18 billion, the relatively low infection rate suggests a more likely cost of $500 million.
Other notable viruses
The top 10 worst computer viruses above are just the ugly tip of a gargantuan digital iceberg. With a million new malware programs popping up every 3 years, we may miss the forest for a few outstanding trees. Here are just a few more viruses that have wreaked havoc over the years:
Mimail: This worm tried to harvest data from infected machines to launch a string of DDoS attacks, but was relatively easy to remove.
Yaha: Yet another worm with several variants, thought to be the result of a cyber-war between Pakistan and India.
Swen: Written in C++, the Swen computer worm disguised itself to look like a 2003 OS update. Its financial cost has been pegged at $10.4 billion, but not reliably.
Storm Worm: This worm showed up in 2007 and attacked millions of computers with an email about approaching bad weather.
Tanatos/Bugbear: A 2002 keylogger virus that targeted financial institutions and spread to 150 countries.
Sircam: A computer worm from 2001 that used counterfeit emails with the subject line, “I send you this file in order to have your advice.”
Explorezip: This worm used fake emails to spread to every machine on thousands of local networks.
Melissa: The most dangerous computer virus in 1999, Melissa sent copies of itself that looked like NSFW pics. The U.S. FBI estimated cleanup and repair costs at $80 million.
Flashback: A Mac-only virus, Flashback infected over 600,000 Macs in 2012 and even infected Apple’s home base in Cupertino, Calif. In 2020, there’s now more malware on Macs than on PCs.
Conficker: This 2009 virus still infects many legacy systems and could do significant damage if it ever activates.
Stuxnet: This worm is reported to have destroyed Iranian nuclear centrifuges by sending damaging instructions.
The true cause is that there is no working Border Gateway Protocol (BGP) routes into Facebook's sites. BGP is the standardized exterior gateway protocol used to exchange routing and reachability information between the internet top-level autonomous systems (AS). Most people, indeed most network administrators, never need to deal with BGP.
Cloudflare VP Dane Knecht was the first to report the underlying BGP problem. This meant, as Kevin Beaumont, former Microsoft's Head of Security Operations Centre, tweeted,
"By not having BGP announcements for your DNS name servers, DNS falls apart = nobody can find you on the internet. Same with WhatsApp btw. Facebook has basically de-platformed themselves from their own platform."
Many people are very annoyed by this and with the fact that they cannot use their social media platforms but it seems that Facebook employees are in even bigger annoyance as it was reported that Facebook employees can't enter their buildings because their "smart" badges and doors were also disabled by this network failure. If true, Facebook's people literally can't enter the building to fix things.
Reddit user u/ramenporn, who claimed to be a Facebook employee working on bringing the social network back from the dead, reported, before he deleted his account and his messages:
"DNS for FB services has been affected and this is likely a symptom of the actual issue, and that's that BGP peering with Facebook peering routers has gone down, very likely due to a configuration change that went into effect shortly before the outages happened (started roughly 1540 UTC). There are people now trying to gain access to the peering routers to implement fixes, but the people with physical access is separate from the people with knowledge of how to actually authenticate to the systems and people who know what to actually do, so there is now a logistical challenge with getting all that knowledge unified. Part of this is also due to lower staffing in data centers due to pandemic measures."
Ramenporn also stated that it wasn't an attack, but a mistaken configuration change made via a web interface.
Both BGP and DNS are down, the "connection to the outside world is down, remote access to those tools don't exist anymore, so the emergency procedure is to gain physical access to the peering routers and do all the configuration locally."
Technicians on site don't know how to do that and senior network administrators aren't on site.
It seems that it will all be down for a couple of more hours before the issue is resolved. 