Computer Virus Examples (2023): The 17 Worst Attacks Ever

By Tibor Moes / Updated: May 2023


The 17 Worst Computer Virus Examples of All Time

Imagine your computer as a planet in the vast universe of the internet. Now, consider a comet – a computer virus – hurtling towards it. On impact, it can reshape the planet or even wipe out all life (data and programs). This might sound like a sci-fi movie, but such scenarios have happened in the real world.

In this article, we’ll recount the tales of the most devastating comets – the most notorious computer viruses – that have ever struck the digital planets.

What is a computer virus?

A computer virus is a piece of malware that infects files and programs on your computer. Opening an infected file will execute the virus code and result in damage to your files, your computer, and your overall internet security.

Don’t become a victim of a computer virus. Protect your devices with the best antivirus software and your privacy with the best VPN service.

Summary

Below are the worst computer virus examples of all time. Please note that some entries fit only the loose, everyday sense of the word “computer virus”, which is closer to “malware”. Technically, the two are not the same. We’ll explain the difference below this list and also tell you which are the traditional computer viruses.

  1. Elk Cloner (1982): The first known microcomputer virus that spread “in the wild,” or outside the computer system or lab in which it was written.
  2. Brain (1986): The first MS-DOS based virus, which targeted IBM PC systems.
  3. Morris Worm (1988): One of the first worms distributed via the Internet, it was created by Robert Tappan Morris.
  4. CIH or Chernobyl Virus (1998): A destructive virus that rendered machines unbootable.
  5. ILOVEYOU or Love Letter Virus (2000): A worm that attacked tens of millions of Windows PCs via email.
  6. Code Red and Code Red II (2001): Worms that exploited a vulnerability in Microsoft’s Internet Information Server (IIS).
  7. Slammer or Sapphire (2003): A worm that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic.
  8. Blaster Worm or MSBlast (2003): A worm that spread via a vulnerability in Windows systems, causing a significant amount of network traffic.
  9. Sobig.F (2003): A worm and trojan that circulated through emails as viral spam, it was one of the most widely circulated worms.
  10. Mydoom (2004): An extremely rapidly spreading email-based worm.
  11. Sasser and Netsky (2004): A series of worms that caused problems in networks by exploiting a vulnerability in Windows systems.
  12. Conficker (2008): A worm that targeted Windows and caused a range of problems from consuming network resources to downloading malware.
  13. Stuxnet (2010): A highly sophisticated worm that targeted industrial control systems, it was responsible for causing substantial damage to Iran’s nuclear program.
  14. CryptoLocker (2013): A ransomware that encrypted users’ files and then demanded a ransom to unlock them.
  15. WannaCry (2017): A ransomware worm that spread rapidly across numerous networks, infecting hundreds of thousands of computers worldwide.
  16. NotPetya (2017): Masqueraded as ransomware but was designed to cause damage, primarily targeted Ukraine but had global effects.
  17. Bad Rabbit (2017): A ransomware attack, believed to be a variant of NotPetya, that spread through “drive-by downloads” where insecure websites were targeted.

Computer Virus vs Malware

The terms “computer virus” and “malware” are often used interchangeably, but they are not the same. A virus is a type of malware, but not all malware is a virus.

Malware is a general term for any malicious software, including viruses, worms, trojans, ransomware, adware, and spyware. A computer virus, specifically, is a type of malware that can copy itself and infect a computer without the permission or knowledge of the user.

In the list we provided earlier, some examples like Stuxnet, Conficker, and Slammer are technically worms, not viruses. Worms, unlike viruses, don’t require user action to propagate; they can self-replicate and spread independently.

Similarly, CryptoLocker, WannaCry, NotPetya, and Bad Rabbit are examples of ransomware, another type of malware that encrypts users’ files and demands a ransom for their release.

If you want a list that includes only traditional computer virus examples, here are some of the most infamous ones:

  1. Elk Cloner (1982)
  2. Brain (1986)
  3. CIH or Chernobyl Virus (1998)
  4. ILOVEYOU or Love Letter Virus (2000)
  5. Blaster Worm or MSBlast (2003)
  6. Sobig.F (2003)
  7. Mydoom (2004)

Read on for more details on each computer virus example.

1. Elk Cloner (1982)

The Dawn of Digital ‘Flu’

Back in the days when floppy disks were still a thing, in 1982, a 15-year-old whiz kid named Rich Skrenta unintentionally unleashed the first known microcomputer virus, the Elk Cloner. It started as a practical joke among friends. Skrenta, known for his pranks, would lend game disks to his friends, which would stop working after 50 boots, displaying a poem he had written instead.

This digital ‘flu’ didn’t last long, but it signified the start of an era of computer viruses. Primarily, it affected Apple II systems, spreading locally among Skrenta’s friends and school in Pittsburgh, Pennsylvania. While no significant financial damage was reported, it was more of a nuisance that affected a small group of people. It’s unknown how many were impacted, but the annoyance led to the development of the first antivirus software.

The Elk Cloner didn’t compromise any sensitive data, but it was a wake-up call about potential vulnerabilities in computer systems. In terms of legal consequences, there were none for Skrenta, who was just a high school student at the time. Ironically, he later co-founded the online news site, Topix, and the search engine, Blekko.

2. Brain (1986)

The First PC ‘Invader’

Fast forward to 1986, when two brothers from Pakistan, Basit and Amjad Farooq Alvi, created Brain, the first MS-DOS based virus that targeted IBM PC systems. The Brain virus was not malevolent; instead, it was intended to be a copyright enforcement mechanism for the medical software the brothers had developed.

The Brain virus spread worldwide, being one of the first international PC virus incidents. It was carried on floppy disks from one PC to another, underlining the dangers of sharing physical media. However, it didn’t cause any significant financial damage or affect a large number of people. The virus didn’t compromise any sensitive data, but rather it was a proof-of-concept that PC viruses could spread globally.

The Alvi brothers were not criminally prosecuted, as they had included their names and contact details within the code, stating they were using it for copyright enforcement. However, they were surprised at how quickly the virus spread, which was a valuable lesson for them and the entire tech community. The brothers eventually founded Brain Telecommunication Ltd., one of Pakistan’s leading Internet service providers.

Countermeasures to the Brain virus involved antivirus software development and educating people about the dangers of sharing unverified floppy disks. Thus, the early virus attacks were crucial in shaping our understanding of digital threats and encouraging the development of cybersecurity measures.

3. Morris Worm (1988)

The Accidental Onslaught

Imagine a science experiment gone wrong and causing unintended havoc. That’s the story of the Morris Worm, the first worm to spread across the internet. Named after its creator, Robert Tappan Morris, a graduate student at Cornell University, the worm was unleashed on November 2, 1988.

Morris intended his creation to measure the size of the internet, not to cause damage. However, a programming error led the worm to infect machines multiple times, causing them to slow down and eventually become unusable.

The Morris Worm affected approximately 6,000 computers, a significant number considering the size of the internet at the time. The geographic scope was largely the United States, and the financial damage was estimated to be between $100,000 and $10,000,000 due to loss of productivity and the time spent removing the worm.

The nature of the data compromised was mostly system performance, with the worm consuming processing power and slowing down machines. Countermeasures involved disconnecting affected machines and patching the software vulnerabilities that the worm had exploited.

In terms of legal consequences, Morris was convicted under the Computer Fraud and Abuse Act in the United States. He was sentenced to three years of probation, 400 hours of community service, and fined $10,500.

4. Chernobyl Virus (1998)

The Digital Disaster

Step into the year 1998, and imagine a virtual catastrophe akin to a nuclear power plant meltdown. This was the scenario when the CIH, or Chernobyl Virus, struck the digital world. Named after the infamous Chernobyl nuclear disaster due to its destructive nature, this computer virus was designed by Chen Ing-Hau, a Taiwanese student.

This ‘digital disaster’ lasted a few years, with the virus causing significant damage each year on April 26, coinciding with the Chernobyl disaster anniversary. The virus targeted Windows 98 systems, overwriting data and even disabling PCs. The scope was international, with an estimated 60 million computers affected, leading to nearly $1 billion in damages.

The virus specifically attacked the system BIOS, the heart of a computer, making the infected machines unbootable. To contain this ‘disaster,’ antivirus companies updated their software to detect and remove the virus. Moreover, a utility to restore the BIOS from a software level was released, helping victims recover their machines.

Surprisingly, Chen Ing-Hau didn’t face any legal consequences in Taiwan, due to the lack of relevant cybercrime laws at the time. However, he was later hired by a Taiwanese antivirus company, a move that sparked controversy.

5. ILOVEYOU (2000)

The Love Letter That Broke Hearts

Imagine receiving a love letter, only to find it’s a ruse that turns your life upside down. That’s what happened in the year 2000, when millions of internet users worldwide received an email with the subject line ‘ILOVEYOU.’ Designed in the Philippines by Onel de Guzman, this worm quickly became one of the most destructive security incidents of all time.

ILOVEYOU spread rapidly, affecting both individuals and businesses, including large corporations and government entities. It was estimated to have affected 10% of the internet-connected computers worldwide, causing an estimated $10 billion in damages.

The worm was spread via email, enticing recipients to open an attachment named ‘LOVE-LETTER-FOR-YOU.txt.vbs.’ Upon opening, the worm would overwrite image files and send copies of itself to every address in the victim’s email address book. This led to a rapid, global spread, causing email systems to crash under the sheer volume of emails.
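The naming trick in that attachment, a harmless-looking ‘.txt’ followed by the script extension ‘.vbs’ that actually determines how the file is opened, is something a mail filter can check for. The following is an added example, not part of the original article; the extension lists, function names and sample message are assumptions constructed for illustration.

```python
"""Flag e-mail attachments whose file name hides an executable extension."""
import email
from email import policy
from email.message import EmailMessage

# Assumed, non-exhaustive lists chosen for this example.
# Extensions that Windows runs directly or hands to a script host.
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta", "exe",
                   "scr", "com", "pif", "bat", "cmd", "lnk", "ps1"}
# Extensions users tend to regard as harmless documents or media.
DECOY_EXTS = {"txt", "doc", "docx", "pdf", "jpg", "jpeg", "png", "gif",
              "xls", "xlsx", "mp3", "zip"}
# Unicode bidirectional controls that can visually reorder a file name.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")


def classify_filename(name):
    """Return the reasons a file name looks deceptive (empty list if none)."""
    reasons = []
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append("bidi-control")
        name = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    # Windows ignores trailing dots and spaces, so normalise them away first.
    cleaned = name.strip().rstrip(". ").lower()
    # Strip each component so padding such as "pdf      .exe" is still caught.
    parts = [p.strip() for p in cleaned.split(".")]
    if len(parts) >= 2 and parts[-1] in EXECUTABLE_EXTS:
        reasons.append("executable-extension")
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            reasons.append("double-extension")
    return reasons


def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and list (filename, reasons) findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches nested multipart sections
        filename = part.get_filename()
        if not filename:
            continue
        reasons = classify_filename(filename)
        if reasons:
            findings.append((filename, reasons))
    return findings


def build_sample():
    """Constructed sample message; attachment bodies are inert placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("Constructed sample body.")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream",
                       filename="LOVE-LETTER-FOR-YOU.txt.vbs")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reasons in scan_message(build_sample()):
        print(f"{filename}: {', '.join(reasons)}")
```

A gateway would typically quarantine any attachment flagged with "double-extension" or "bidi-control", since legitimate senders rarely have a reason to produce either.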

The aftermath was swift, with IT professionals working round the clock to remove the worm and restore systems. Antivirus software updates were quickly dispatched, and users were urged not to open suspicious emails. This incident led to an increased focus on email security and user education.

Despite the havoc wreaked, Onel de Guzman escaped prosecution due to the lack of cybercrime laws in the Philippines at the time. This event played a significant role in the development of cybercrime legislation in the country.

6.1 Code Red (2001)

The Invisible Invader

In the summer of 2001, a new threat loomed on the horizon of cyberspace. It was called Code Red, a worm that acted like a phantom spreading through the digital world. It was named after the popular caffeinated soda, Code Red Mountain Dew, which the researchers were drinking at the time they discovered it.

Code Red was an invisible invader that exploited a vulnerability in Microsoft’s Internet Information Server (IIS). It didn’t require a user to click on a link or download an attachment. Instead, it scanned the internet for vulnerable systems and infected them autonomously.

The worm had a broad target range, affecting both individual users and businesses alike. Its geographic scope was international, infecting hundreds of thousands of computers in a matter of hours. It caused considerable network slowdown and even defaced websites with the message: “Hacked By Chinese!” Although its financial damage was hard to quantify, the cost of countermeasures and loss of productivity was estimated to be in the billions.

The aftermath involved a rush to patch the IIS vulnerability, highlighting the importance of timely software updates. Despite the scale of the attack, no individual or group was ever officially identified as the perpetrator, and thus, no legal consequences were handed down.

6.2 Code Red II (2001)

The Sequel That Struck Harder

In the same year, shortly after the first Code Red attack, a variant named Code Red II surfaced. Like a sequel of a horror movie, it was more harmful and had a more significant impact.

Code Red II targeted the same IIS vulnerability but had a different payload. Instead of just defacing websites and causing network slowdown, it installed a backdoor into the affected systems, potentially allowing an attacker to control the system.

The scope was again international, with the worm affecting individual users, businesses, and even government entities. The financial damage was considerable, again reaching into the billions, as companies scrambled to secure their systems and mitigate the worm’s effects.

Post-attack, there was a renewed emphasis on the importance of cybersecurity measures, including regular software updates and robust intrusion detection systems. The identity of the worm’s creator remains unknown, and no legal consequences were ever pursued. The twin attacks of Code Red and Code Red II were a stark reminder of the potential devastation cyber threats could cause.

7. Slammer/Sapphire Worm (2003)

The Lightning Fast Attack

Fast forward to January 25, 2003, when a worm hit the digital world with lightning speed. Known as the Slammer or Sapphire Worm, its population of infected machines doubled in size every 8.5 seconds, and it infected more than 75,000 machines within ten minutes, making it the fastest spreading worm in history.

The Slammer Worm targeted Microsoft SQL Server and MSDE 2000, exploiting a buffer overflow vulnerability. It didn’t write to disk or modify any files but stayed in memory, making it harder to detect.

The worm’s geographic scope was global, affecting both individual users and organizations, including Bank of America’s ATM service, a 911 emergency system in Washington state, and even causing a nuclear power plant’s safety monitoring system to go offline for nearly five hours.

The financial impact of the Slammer Worm was considerable, with estimates of the global cost reaching as high as $1.2 billion. It led to increased network congestion and system crashes, severely impacting productivity and services.

Post-attack, patches for the exploited vulnerability were widely applied, and network administrators were reminded of the importance of keeping systems updated. The creator of the Slammer Worm was never identified, so no legal consequences were pursued. The attack served as a stark reminder of the importance of cybersecurity vigilance and the potential speed and scope of cyber threats.

8. Blaster Worm/MSBlast (2003)

The Blast that Rocked the Internet

In the summer of 2003, a new threat emerged in the form of the Blaster Worm, or MSBlast. Like a rogue spaceship in a sci-fi movie, it zoomed across the internet, infecting vulnerable Windows computers.

The Blaster Worm was designed to exploit a vulnerability in the Windows operating system, spreading itself without any user interaction. It targeted individual users as well as businesses, causing their computers to slow down or even reboot continuously.

The worm’s reach was global, with hundreds of thousands of computers estimated to be infected. The financial impact was significant, with companies and individuals worldwide spending time and resources to remove the worm and restore their systems.

The nature of data compromised was primarily system performance, with the worm consuming processing power and causing disruptions. In the aftermath, patches were quickly applied, and the importance of keeping systems updated was reiterated.

In an interesting twist, an individual named Jeffrey Lee Parson was arrested and prosecuted for creating a variant of the Blaster Worm. He was sentenced to 18 months in prison, demonstrating the potential legal consequences of such actions.

9. Sobig.F (2003)

The Email Nightmare

Later in 2003, a new threat emerged in the form of the Sobig.F worm, which spread through emails as viral spam. Picture a post office flooded with letters, causing chaos and confusion; that was the impact of Sobig.F.

The worm targeted individual users’ email accounts, spreading by sending itself to email addresses found on infected computers. The geographic scope was international, with millions of computers estimated to be infected. The financial damage was primarily due to productivity loss and the resources required to remove the worm and restore systems.

The Sobig.F worm represented a significant step up in terms of the nature of data compromised. It not only disrupted systems but also harvested email addresses, potentially leading to breaches of privacy.

In the aftermath, email providers and users improved their defenses and learned to be more cautious with unexpected email attachments. The creator of the Sobig.F worm was never officially identified, and thus, no legal consequences were pursued. The attack served as a stark reminder of the potential risks associated with email communication.

10. Mydoom (2004)

The Doom that Spread Like Wildfire

In the winter of 2004, a new threat emerged that was aptly named “Mydoom.” Like an unstoppable wildfire, it spread rapidly and caused significant disruption.

Mydoom was a worm that spread via email, with recipients receiving messages with harmful attachments. Once opened, the worm would replicate itself and forward the malicious email to other addresses found on the victim’s computer.

The targets of Mydoom were widespread, affecting individual users, businesses, and even large tech companies like Microsoft and Google. The worm’s reach was global, and at its peak, it was responsible for a significant percentage of all emails sent worldwide.

The financial damage caused by Mydoom was staggering, with estimates suggesting it could be in the range of billions of dollars due to productivity losses and the resources required to combat the worm.

In response to the Mydoom attack, antivirus software updates were released, and internet service providers worked to block the traffic generated by the worm. To this day, the creator of the Mydoom worm remains unknown, and thus, no legal consequences were pursued.

11. Sasser and Netsky (2004)

The Battle of the Worms

Fast forward to April 2004, when a pair of worms named Sasser and Netsky began wreaking havoc. Unlike most worms, which spread via email, Sasser propagated through vulnerable network ports, infecting computers without any user interaction.

Around the same time, the Netsky worm was spreading via email and network shares. Interestingly, both Sasser and Netsky contained code that attempted to remove each other from infected systems, leading to what was effectively a ‘battle of the worms’.

Sasser and Netsky had a global reach, affecting both individual users and businesses. The financial damage was significant, with many businesses and organizations forced to temporarily shut down their operations to deal with the infections.

In an unexpected twist, an 18-year-old German student named Sven Jaschan was found to be the creator of both worms. He was arrested and found guilty but, because he was a minor at the time the worms were released, his sentence was relatively light: a 21-month suspended sentence. Despite this, the story of Sasser and Netsky serves as a stark reminder of the potential legal consequences of creating and spreading malicious software.

12. Conficker (2008)

The Persistent Pest

In late 2008, a new cyber threat emerged that would prove to be a persistent pest. It was called Conficker, a worm that spread by exploiting a vulnerability in Windows operating systems.

Conficker was like a cunning infiltrator, sneaking into networks and spreading across connected devices. It affected a broad range of targets, from individuals’ PCs to business and government networks. It had an international reach, infecting millions of computers across nearly every country in the world.

The financial damage of Conficker was significant, with estimates running into billions of dollars due to the costs of cleaning infected systems and the loss of productivity. But the impact of Conficker went beyond financial loss. The worm created a botnet—a network of compromised computers—that could be used to carry out further attacks.

In response to Conficker, Microsoft issued a patch, and a global alliance of security firms and researchers was formed to combat the worm. The creators of Conficker have never been identified, and despite a bounty offered by Microsoft, they have evaded legal consequences. The Conficker worm remains a threat, highlighting the importance of keeping systems updated and the resilience of some cyber threats.

13. Stuxnet (2010)

The Cyber Weapon

Imagine a sci-fi movie where a digital weapon wreaks havoc on critical infrastructure. That’s the story of Stuxnet, a highly sophisticated worm discovered in 2010. But this wasn’t a movie—it was a real-life cyber attack.

Stuxnet was unlike any worm seen before. It wasn’t designed to steal information or money but to cause physical damage. It targeted industrial control systems, specifically those used in Iran’s nuclear program.

The creators of Stuxnet designed it to spread via USB drives and network shares. Once inside a network, it would seek out specific software controlling centrifuges used to enrich uranium. Then, it would cause these centrifuges to spin out of control, damaging them and disrupting the nuclear program.

The financial damage of Stuxnet is hard to estimate, but the impact on Iran’s nuclear program was significant. The worm represented a new kind of threat, demonstrating how cyber attacks could have real-world physical impacts.

In the aftermath of Stuxnet’s discovery, security measures for industrial control systems were tightened worldwide. As for the perpetrators, it’s widely believed that Stuxnet was the work of the US and Israeli governments, although neither has officially confirmed this. As a state-sponsored attack, there were no traditional legal consequences. However, the use of such cyber weapons has sparked ongoing debates about the rules of engagement in cyberspace.

14. CryptoLocker (2013)

The Rise of Digital Kidnapping

Imagine a thief breaking into your house, locking up your precious belongings in a safe, and then demanding a ransom for the key. That’s the essence of CryptoLocker, a notorious ransomware that surfaced in 2013.

CryptoLocker was spread primarily through email attachments. Once a user opened the infected file, the ransomware would encrypt files on the user’s system and then display a message demanding payment to unlock them.

From personal computers to business networks, CryptoLocker did not discriminate in its targets. The geographic scope was global, with victims spread across different continents. It’s estimated that hundreds of thousands of computers were infected, with financial losses potentially running into millions of dollars due to ransom payments and costs of recovering data.

The nature of data compromised by CryptoLocker varied, including personal photos, business documents, and more. In response to the attack, security firms developed decryption tools, and law enforcement agencies eventually managed to take down the network of infected computers used by the attackers.

The perpetrators behind CryptoLocker were believed to be a cybercrime group based in Eastern Europe, but no individuals were definitively identified or faced legal consequences, highlighting the challenges in tracking and prosecuting cybercriminals.

15. WannaCry (2017)

The Global Cry for Help

In May 2017, a cyber threat emerged that made the world ‘wanna cry.’ The WannaCry ransomware attack was one of the largest and most damaging cyberattacks in history.

WannaCry exploited a vulnerability in Windows operating systems, spreading like wildfire across networks and encrypting files on infected systems. Like CryptoLocker, it demanded a ransom to decrypt the files.

The targets of WannaCry were widespread, affecting individuals, businesses, and critical infrastructure, including healthcare services. The geographic scope was global, infecting hundreds of thousands of computers in over 150 countries.

The financial damage of WannaCry was enormous, with estimates reaching billions of dollars due to disruption to services, loss of data, and IT costs. The attack also compromised a range of sensitive data, from personal health records to business documents.

In the aftermath, patches were quickly applied, and a kill switch was discovered that helped slow the spread of the ransomware. It was later found that the attack was the work of the North Korean state-sponsored group Lazarus. However, due to the nature of state-sponsored cyberattacks, no traditional legal actions were pursued. WannaCry demonstrated the devastating potential of ransomware and led to a renewed focus on cybersecurity in critical infrastructure.

16. NotPetya (2017)

The Masquerade that Wreaked Havoc

In the summer of 2017, a new digital threat emerged that was initially mistaken for a variant of an existing ransomware called Petya. However, it soon became clear that this was a far more destructive beast. Dubbed NotPetya, this malware wreaked havoc on a global scale.

NotPetya was spread via a compromised software update mechanism of a widely used accounting software in Ukraine. Once inside a network, it spread rapidly, encrypting files and making systems inoperable.

NotPetya’s targets were primarily businesses and organizations, including major global companies like Maersk and Merck. Despite starting in Ukraine, the worm quickly spread worldwide, causing estimated damages of over $10 billion.

Interestingly, despite appearing to be ransomware, NotPetya was more of a ‘wiper’—its main purpose was to cause disruption rather than extort money. This was because the malware’s encryption was designed to be irreversible.

In response to the attack, affected companies had to rebuild their IT systems from scratch, and security firms worldwide updated their systems to detect and block NotPetya. The attack was attributed to the Russian military by several Western governments, marking it as a state-sponsored cyberattack. However, no traditional legal consequences were pursued due to the geopolitical nature of the incident.

17. Bad Rabbit (2017)

The Rapidly Multiplying Menace

Later in 2017, another cyber threat hopped onto the scene. Dubbed ‘Bad Rabbit,’ this ransomware spread primarily through drive-by attacks where insecure websites were used to infect visitors.

The main targets of Bad Rabbit were corporate networks, particularly in Russia and Ukraine. The malware encrypted files and demanded a Bitcoin ransom to restore access, causing significant disruption.

The geographic scope of Bad Rabbit was mainly Eastern Europe, but some infections were reported in other countries, showing the potential for global spread. The financial impact is hard to estimate, but several major organizations were affected, causing business interruption and IT clean-up costs.

The nature of the data compromised by Bad Rabbit varied, from business files to personal data, depending on what was stored on the infected computers. In response to the attack, patches were applied and infected websites cleaned.

The perpetrators behind Bad Rabbit were never definitively identified, demonstrating the challenges in attributing such attacks. This also meant no legal consequences were pursued, underscoring the impunity with which some cybercriminals can operate.

Conclusion

Staying Safe in the Digital World

As our exploration of history’s most notorious computer viruses shows, the digital world can be a dangerous place. But just like in the real world, there are steps you can take to protect yourself and your data.

Firstly, always keep your devices updated. Think of updates like vaccines for your devices—they help to protect against known threats. While it can be tempting to ignore update notifications, remember that they often include important security patches.

Secondly, consider investing in great antivirus software for Windows 11 like Norton, Bitdefender, McAfee, Panda, or Kaspersky. Just as you would lock your doors and windows to keep out burglars, antivirus software can help keep cyber threats at bay.

However, remember that no solution is 100% foolproof. Be vigilant about suspicious emails and links, and regularly back up your data so you can restore it if necessary.

Staying informed about cyber threats is also crucial. Here are some trusted resources where you can learn more:

In this digital age, we all have a role to play in cybersecurity. By staying updated, being vigilant, and using protective tools, we can each contribute to a safer digital world. Remember, the key to staying safe online is much like the key to staying safe offline: awareness, caution, and preparedness.

Author: Tibor Moes


Founder & Chief Editor at SoftwareLab

Tibor is a Dutch engineer and entrepreneur. He has tested security software since 2014.

Over the years, he has tested most of the best antivirus software for Windows, Mac, Android, and iOS, as well as many VPN providers.

He uses Norton to protect his devices, CyberGhost for his privacy, and Dashlane for his passwords.

This website is hosted on a Digital Ocean server via Cloudways and is built with DIVI on WordPress.
