The 5 Worst Computer Viruses

Summary: Flame is clearly the next evolution in computer viruses. Were I an Iranian scientist Flame would definitely be in my top 5 Virus, Trojan and Worm selections; since I am not, here is my top 5.

TOPICS: Malware

On Sunday Microsoft reported that “…some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft.”

This is due to the presence of an older cryptographic algorithm in Windows Server which may be exploited to make the code appear to be signed by Microsoft.

The algorithm was employed by Terminal Server Licensing Service, which allows for remote desktop access. Microsoft has released an advisory and update to eliminate the security hole that allows certificates to be signed.

Flame is clearly the next evolution in computer viruses and got me thinking of all of the viruses, worms, trojans, and malware that I have had to battle over the past few years.

Disclaimer: Since I was not around for Elk Cloner or Brain, and though I thought the Angry Samoan virus (named after the famed wrestlers) was cleverly named, it did not impact me significantly, so I did not include them in my list.

Here are my top 5 Worms, Trojans, or Viruses.

1. Melissa

Melissa, a macro virus named after a Miami stripper, was so effective in 1999 that the tidal wave of email traffic it generated caused the likes of Intel and Microsoft to shut down their email servers. The virus was contained in a Word document labeled List.DOC, sent as an attachment to an email allowing access to porn sites.

The email was first distributed to a Usenet group but quickly got out of hand. When a user opened the email message, the infected Word attachment was sent to the first 50 names in the user's address book. The scheme was particularly successful because the email bore the name of someone the recipient knew and referenced a document they had allegedly requested. I recall spending long hours cleaning up after this one.

2. The Anna Kournikova Virus

This computer virus was attributed to a Dutch programmer, Jan de Wit, on February 11, 2001. The virus was designed to trick a recipient into opening a message by suggesting that it contained a picture of the lovely Anna Kournikova; instead, the recipient triggered a malicious program.

This was another virus that exploited a user’s Microsoft Outlook mail contacts. The email subject read: "Hi: Check This!", with what appeared to be a picture file labeled "AnnaKournikova.jpg.vbs". Clearly, the attachment was not a JPG, but it was a good bit of social engineering and was an effective transmission mechanism.
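A mail-gateway style check for the double-extension trick described above, as an added example that is not part of the original article. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for this example; tune them to what your users legitimately exchange.
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "txt"}
ACTIVE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "exe", "scr", "pif", "bat", "cmd", "lnk"}

def is_deceptive(filename):
    """True when the real (last) extension is executable and the one
    just before it is a harmless-looking decoy, e.g. name.jpg.vbs."""
    # Normalise case, padding whitespace and trailing dots before splitting,
    # so "photo.jpg      .exe" and "photo.JPG.VBS." are treated the same way.
    name = re.sub(r"\s+", " ", filename).strip(" .").lower()
    parts = [p.strip() for p in name.split(".")]
    return len(parts) >= 3 and parts[-1] in ACTIVE_EXTS and parts[-2] in DECOY_EXTS

def deceptive_attachments(raw_bytes):
    """Parse a raw RFC 5322 message and return the flagged attachment names."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    flagged = []
    for part in msg.walk():
        name = part.get_filename()  # None for the body and multipart containers
        if name and is_deceptive(name):
            flagged.append(name)
    return flagged

def build_sample():
    """Constructed sample message: one decoy-named script, one genuine image."""
    msg = EmailMessage()
    msg["Subject"] = "Hi: Check This!"
    msg["From"] = "friend@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Constructed body text.")
    msg.add_attachment(b"' placeholder bytes, not a real script\n",
                       maintype="application", subtype="octet-stream",
                       filename="AnnaKournikova.jpg.vbs")
    msg.add_attachment(b"\xff\xd8\xff", maintype="image", subtype="jpeg",
                       filename="team.photo.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    print(deceptive_attachments(build_sample()))
```

The check only covers the decoy-name pattern; whether single-extension scripts and executables are blocked outright is a separate gateway policy.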

3. MyDoom

MyDoom began appearing in inboxes in 2004 and soon became the fastest spreading worm ever to hit the web, exceeding previous records set by the Sobig worm and ILOVEYOU. A side note: though I knew people affected by Sobig and ILOVEYOU, I did not see either of these in the wild.

The reason that MyDoom was effective was that the recipient would receive an email warning of delivery failure – a message we have all seen at one time or another. The message prompted the recipient to investigate, thus triggering the worm.

Once the attached file was executed, the worm would send itself to email addresses found in the local address book and also put a copy in a shared folder (KaZaA). Like Klez, MyDoom could spoof email but also had the ability to generate traffic through web searches, which placed a significant load on search engines like Yahoo and Google.

MyDoom was also significant for the second payload that it carried, which was a DDoS attack on the SCO group; albeit not the coordinated sort of attack we would now expect to see with modern bot-nets. The origin of the virus has been attributed to, or suggested to be, someone in Russia, but no one was ever able to confirm this.

Lastly, MyDoom contained the text “andy; I’m just doing my job, nothing personal, sorry,” which led many to believe that the virus was constructed for a fee for a spammer, though this also was not confirmed. Shot in the dark: if you are the Andy referenced in MyDoom and are reading this, please comment!

4. Sasser & Netsky

These are easily among the most famous and prolific variants of computer worms, famous for their effectiveness and for the fact that they were authored by an 18-year-old German, Sven Jaschan, who confessed to having written these and other worms.

Netsky sticks in my mind because it was the first time that a virus insulted other virus authors. Here the authors of both the Bagle and MyDoom worm families were dissed and, in some cases, Netsky included code that removed versions of the competing viruses.

The other reason this one sticks with me was that the author was turned in to authorities by a friend who wanted to collect the $250,000 bounty that Microsoft put up for information about the outbreak. Though obviously, not a really good friend!

5. 2007 Storm Worm

Though I did consider the 1988 Morris worm, regarded as the first worm, I had to go with the 2007 Storm worm as the 5th to include. Known by many names, the Storm Worm is a backdoor Trojan that affects Microsoft-based computers.

Here, again, we see distribution of payload through email, with the subject reading, “230 dead as storm batters Europe”. The Storm Worm was a Trojan horse that would join the infected computer to a bot-net – a network of remotely-controllable computers. Though it was thought to be a bot-net of millions of computers, the exact numbers were never known.

Flame is clearly the next evolution in computer viruses, and were I an Iranian scientist Flame would definitely be at the top of my list. Which are on your list? Talk Back and Let Me Know.

Gery Menegaz

About Gery Menegaz

Gery Menegaz is a Chief Architect for IBM with more than 20 years supporting technologies in the financial, medical, pharmaceutical, insurance, legal and education sectors. My Full-Time Employer is IBM. I write as a freelancer for ZDNet.

  • Sasser? Sasser? Don't talk to me about Sasser!

    As a former tech support drone for a major UK retail chain (purple shirts, you know the one. 3 Digit parent company ending in SG Retail). I was unfortunate enough to be working the lines when Sasser went live.

    Anyone who has encountered a panicked "normal" will appreciate the hell of "Click Start, click run, type shutdown -a, connect to the net, click ok on the run box to stop the countdown, go to windows update" 50+ times an hour. Often to the same person more than once because they can't understand "click ok".

    I'm not bitter, honest.
  • Melissa was a bad day...

    The radio station I was listening to on my way to work that morning kept talking about how their email servers were taken offline because of some big virus and I almost turned around and drove back home. I'd get to the office before most of the accountants and sales folks, but there were already a couple of people standing at my desk when I walked in. "Email virus?" "Yes, our inboxes are full." I unlocked my workstation, opened Outlook and had something close to 10,000 new emails. Walked into the server room, unplugged the network cable from the Exchange box and spent much of the rest of the day explaining to people who couldn't seem to live without email that they couldn't get their fix for a while. When I had some downtime, I actually read through the virus code and thought a six year old could have written that.
  • Credit where credit's due

    No one does malware better than MS.

    Great design choices guys, particularly scripting in documents.
    Richard Flude
  • Where was the list of 5 viruses?

    I only saw a list of 5 worms.

    Or is that distinction only important when talking about Apple?
    • The 5 worst Windows trolls

      todd's bottom
      lovie dovie
      Wilie Farrell
      Cylon Cenboreathon

      runners up:
      NonFanboy the Fanboy
  • I am glad I had a Mac and no internet

    I am glad I had a Mac and no internet during those times. Is it just me or does it seem like Outlook gets exploited quite frequently? Doesn't Microsoft check its code enough before distribution?
    • I am glad I had Win7 and the Internet since forever

      while 600K Macs got infected as recently as April 5th 2012.
      • shellcodes*

        Flashback did not require human intervention to infect a machine. Check your facts.
    • I HAD a Mac and internet during those times

      and the pre-OS X mac was very prone to viruses and malware.
      • No you didn't

        Stop making up things.
    • Every operating system has bugs and vulnerabilities, though

      And the first known virus infected the Apple II, albeit without purposely causing damage. The Mac had its own collection of viruses, too.

      It seems likely that the greater prevalence of viruses and malware on Windows was simply due to the greater market share of that OS, compared with Linux/OS X/Mac OS Classic etc.

      Although that's not to say that Microsoft did not leave massive security holes in Windows - they certainly did. Netbios and Windows file sharing spring to mind...
      A great advantage of Linux's open source model is that anyone can inspect the code and report/fix security holes. This allowed people to run static analysis tools to look for likely buffer overflow errors (the cause of so many vulnerabilities) etc. The OS X kernel source is available online too, albeit possibly an outdated version.
    • Macs suck

      No one hacks mac because there are so few of them
      Isaiah Young
  • Stuxnet?

    How on earth can you list the worst computer viruses ever and not even mention Stuxnet?

    Flame just gathers information, Stuxnet could have killed people.
    • Stuxnet

      I know, it just did not impact the business I supported, so I did not include it in the list. We were lucky, I suppose.
  • What about NIMDA

    The lure of Sordid pictures of Bill and Monica.
    Even after telling all of my users DO NOT OPEN THIS TYPE OF ATTACHMENT!
    It took me a very long weekend to kill it.
    • That was a good one

      So was Code Red which, because of the coding error in it, pounded the sh!+ out of the corporate firewall and ground all email and web access to a halt. We just happened to have one of the first 100 IP addresses generated by its non-random random IP generator.
    • Your Mom

      Don't you mean NIMIDIA?
      • You're wrong ^

        Nimda is actually admin backwards so it's not nimidia. NIMDA-ADMIN
  • What about Conficker???

    Wasn't this one bad?
    • What about Conficker

      Yes, this was a bad one as well.