Computer Worm Examples
Imagine you left your front door wide open all day and night. Chances are, you’d get some unwanted visitors. Now, picture your computer as your home in a bustling digital city. A computer worm is like that pesky intruder who slips in, uninvited, causing all sorts of chaos.
In this article, we’ll walk you through 18 of the most notorious computer worm examples, demonstrating just how important it is to keep your ‘digital door’ firmly closed.
A computer worm is a piece of malware that automatically copies itself from one computer to another.
- The Morris Worm (1988): A graduate student’s experiment spiraled out of control, resulting in the first significant worm attack on the internet. The event led to a greater awareness of network security and the creation of the first Computer Emergency Response Team.
- ILOVEYOU Worm (2000): Originating in the Philippines, this worm infected millions of computers worldwide, exploiting an era of naïveté about email attachments. The attack highlighted the need for international cooperation and comprehensive legislation in the field of cybersecurity.
- Code Red Worm (2001): This worm targeted a vulnerability in Microsoft’s IIS web server, causing significant financial damage and demonstrating the potential for worms to cause widespread disruption. The perpetrators remain unknown.
- Sobig Worm (2003): This worm-trojan hybrid infiltrated systems through email attachments, causing an estimated $37 billion in damages. Despite its global impact, the creators of Sobig were never identified.
- Blaster Worm (2003): This worm launched a Denial of Service attack against Microsoft’s Windows Update website, causing widespread disruption. A teenager was later identified as the perpetrator and sentenced to prison.
- Sasser Worm (2004): This worm exploited a vulnerability in Windows systems, causing computers to crash and reboot. The perpetrator, an 18-year-old German student, was caught and given a suspended sentence.
- Mydoom Worm (2004): One of the fastest-spreading email worms in history, Mydoom caused an estimated $38 billion in damages. The creators of this damaging worm were never identified.
- Conficker Worm (2008): This worm formed a massive botnet, causing significant financial damage. International cooperation led to the formation of the Conficker Working Group, but the creators remain unknown.
- Stuxnet Worm (2010): A highly sophisticated piece of malware believed to be a joint effort between the US and Israel, Stuxnet targeted Iran’s nuclear enrichment program. The event marked a new era in cyber warfare, showing that cyberattacks could have real-world physical impacts.
- Cryptolocker Worm (2013): Known as the “Digital Kidnapper,” Cryptolocker was a ransomware that encrypted user files and demanded a ransom, often in Bitcoin, to decrypt them. It was part of a rising trend in cyber threats and resulted in millions in gains for the perpetrators.
- Emotet Worm (2014): First discovered as a banking Trojan, Emotet evolved into a highly adaptable and persistent malware distributor. It had a significant global impact and was dubbed “the most costly and destructive malware” by the United States Department of Homeland Security.
- Regin Worm (2014): This worm was a stealthy cyber espionage tool that stayed undetected on systems for years while collecting information. Its sophistication suggested it was a product of a nation-state, and it highlighted the need for strong cybersecurity.
- WannaCry Worm (2017): This was a widespread ransomware attack that encrypted files on Microsoft’s Windows operating system and demanded a ransom to unlock them. It affected hundreds of thousands of computers globally and caused billions in damages.
- NotPetya Worm (2017): NotPetya appeared as a ransomware attack but was mainly focused on destruction. It targeted a vulnerability in Microsoft’s Windows operating system and caused disruptions globally, resulting in over $10 billion in damages.
- Bad Rabbit Worm (2017): This ransomware primarily targeted organizations in Russia and Ukraine, using a “drive-by” attack method. It tricked users into downloading a fake Adobe Flash update, which then delivered the ransomware.
- VPNFilter Worm (2018): Unique in its strategy, VPNFilter targeted network devices like routers and network-attached storage devices. It infected an estimated half a million devices worldwide, stealing credentials and bricking infected devices.
- BlueKeep Worm (2019): This vulnerability in Microsoft’s Remote Desktop Protocol posed a potential threat for a worm-like spread. Although an actual worm exploiting this was never reported, it reminded the world of the importance of proactive security measures and regular system patching.
- Qakbot/Qbot Worm: First emerging around 2009, Qakbot evolved from a banking Trojan to a self-propagating worm. It targeted both businesses and individuals, stealing sensitive financial data and highlighting the evolving nature of cyber threats.
Computer Worm Examples In-Depth
1. The Morris Worm (1988) – The First Digital Nuisance
It all began in November 1988, a time when the internet was still a novelty, mostly used by academics and researchers. Robert Tappan Morris, a graduate student at Cornell University, decided to test the extent of the internet by releasing a worm. However, what started as a harmless experiment quickly spiraled out of control.
The Morris Worm rapidly propagated across networks, exploiting vulnerabilities in Unix systems. The worm was not designed to cause damage, but its rapid replication consumed significant system resources, slowing down affected computers to a crawl or even causing them to crash. The attack, which lasted a couple of days, impacted around 6,000 computers – an enormous number at the time – causing millions of dollars in damage.
In an unprecedented move, Morris was tried and convicted under the newly enacted Computer Fraud and Abuse Act. He was sentenced to probation, community service, and fined. This event marked a turning point, sparking a greater awareness of the need for better network security and inspiring the creation of the first Computer Emergency Response Team (CERT).
2. ILOVEYOU Worm (2000) – The Love Letter That Brought The World To Its Knees
Fast forward to May 2000, a simpler time when people were less skeptical about opening an email attachment from an unknown sender. This was the setting for the ILOVEYOU worm outbreak, which originated in the Philippines.
An unsuspecting user would receive an email with the subject “ILOVEYOU” and an attachment “LOVE-LETTER-FOR-YOU.txt.vbs.” Upon opening the attachment, the worm would overwrite files, send copies of itself to everyone in the user’s address book, and even steal passwords. It spread worldwide in a matter of hours, causing disruptions on an unprecedented scale.
The ILOVEYOU worm infected millions of computers across businesses, governments, and homes, causing an estimated $10 billion in damages. The perpetrators, Reonel Ramones and Onel de Guzman, were college students who exploited a vulnerability in Microsoft’s Windows Script Host. They were eventually identified but not prosecuted due to the lack of appropriate cybercrime laws in the Philippines at the time. This global outbreak highlighted the need for international cooperation and comprehensive legislation in the field of cybersecurity.
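The attachment name above works because the decoy ".txt" sits in front of the extension Windows actually acts on, ".vbs". The following mail-filter check is an added example, not part of the original article: it walks a message's MIME parts and flags such names. The extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
"""Flag e-mail attachments whose real extension hides behind a decoy one."""
from email import message_from_string, policy

# Assumed, non-exhaustive list of extensions Windows runs or hands to a script host.
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta", "scr",
                   "pif", "bat", "cmd", "com", "exe", "lnk", "ps1"}
# Assumed list of extensions most users read as harmless documents or media.
DECOY_EXTS = {"txt", "doc", "docx", "pdf", "xls", "xlsx",
              "jpg", "jpeg", "png", "gif", "mp3"}


def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for one attachment name."""
    # Windows ignores trailing dots and spaces, so "a.txt.vbs. " is still a .vbs file.
    cleaned = name.strip().rstrip(". ").lower()
    parts = cleaned.split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # Padding such as "invoice.pdf      .exe" pushes the real extension out of view,
    # so whitespace around the decoy extension is stripped before the lookup.
    if len(parts) >= 3 and parts[-2].strip() in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_message(raw):
    """Return (filename, verdict) for every suspicious part of a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches inline and nested parts
        filename = part.get_filename()
        if filename is None:
            continue
        verdict = classify_filename(filename)
        if verdict != "ok":
            findings.append((filename, verdict))
    return findings


# Constructed sample message: only the subject and the first attachment name come
# from the article; addresses, boundary and bodies are placeholders.
SAMPLE_EML = """\
From: sender@example.com
To: recipient@example.com
Subject: ILOVEYOU
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

See attachment.
--BOUNDARY
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.txt.vbs"

placeholder body, not script content
--BOUNDARY
Content-Type: text/plain
Content-Disposition: attachment; filename="meeting-notes.txt"

harmless
--BOUNDARY--
"""

if __name__ == "__main__":
    for filename, verdict in scan_message(SAMPLE_EML):
        print(f"{verdict}: {filename}")
```

Windows hides known file extensions by default, which is why the recipient would see only "LOVE-LETTER-FOR-YOU.txt"; a gateway that quarantines on the "double-extension" verdict does not depend on what the user sees.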
3. Code Red Worm (2001) – The Caffeinated Attack
In July 2001, a worm named after a popular caffeinated drink, Code Red, took the world by storm. Its target was a vulnerability in Microsoft’s Internet Information Services (IIS) web server. Upon infection, the worm defaced websites with the message “Hacked by Chinese!” and launched a Denial of Service attack against several IP addresses, including the White House’s web server.
Code Red was a global threat, infecting over 350,000 servers in less than a week. While the exact financial damage is difficult to calculate, estimates range from $2 to $3 billion due to disruption in services and the cost of countermeasures.
The worm was halted by a concerted effort from tech companies and government agencies, which involved patching vulnerable software and increasing network security measures. However, the perpetrators behind the Code Red worm remain unknown. The attack underscored the need for regular software updates and the potential for worms to cause widespread disruption.
4. Sobig Worm (2003) – The Big, Bad Email Intruder
The year was 2003, and email was becoming a primary mode of communication for businesses and individuals alike. It was the perfect time for the Sobig worm to make its appearance. This worm was unique because it was also a Trojan, disguising itself as a benign email attachment to infiltrate systems.
Once an unsuspecting user clicked on the email attachment, the worm activated, sending itself to all contacts in the user’s address book. It also opened a backdoor to the infected computer, allowing the perpetrator to control it remotely. The worm had a devastating global impact, affecting hundreds of thousands of computers and causing an estimated $37 billion in damages.
The Sobig worm was designed to deactivate itself after a certain period, making it harder for cybersecurity experts to study. Despite their best efforts, the individuals behind Sobig were never identified. This worm attack highlighted the threats posed by email attachments and the need for individuals and businesses to exercise caution when handling unsolicited emails.
5. Blaster Worm (2003) – The Anti-Microsoft Missile
Later in 2003, the Blaster Worm, also known as the Lovesan worm, made headlines. This worm was peculiar as it carried a payload that targeted Microsoft, launching a Denial of Service (DoS) attack against the company’s Windows Update website. The worm’s creator had a clear message for Microsoft, even including a note in the worm’s code stating, “billy gates why do you make this possible? Stop making money and fix your software!!”
The Blaster Worm spread rapidly, exploiting a vulnerability in Windows operating systems. It infected computers worldwide, with estimates of impacted systems ranging from hundreds of thousands to millions. The financial damage, while hard to calculate, was significant due to the disruption in services and costs of implementing countermeasures.
Efforts to combat the Blaster Worm involved a collaborative effort from tech companies and government agencies to patch the vulnerability and remove the worm from infected systems. A teenager from Minnesota, Jeffrey Parson, was later identified as the perpetrator and sentenced to 18 months in prison. The attack highlighted the importance of keeping software up-to-date and the potential for worms to be used as tools of protest.
6. Sasser Worm (2004) – The System Crasher
In 2004, just a few days after Microsoft announced a vulnerability in Windows XP and 2000, the Sasser Worm was released. Unlike many other worms, Sasser did not spread via email. Instead, it scanned random IP addresses for systems with the specific vulnerability and infected them.
Once inside, the worm altered the operating system, causing the computer to crash and reboot. This worm was a global menace, disrupting businesses, public services, and even transportation systems – an airplane flight was grounded due to the worm affecting the airline’s system.
Financial damages from the Sasser worm are estimated to be in the tens of millions of dollars, but the real impact was likely much higher when considering the disruption it caused. The worm’s reign was short-lived, thanks to the swift action from Microsoft and cybersecurity organizations that developed removal tools and patched the vulnerability.
In a surprising twist, the perpetrator was an 18-year-old German student named Sven Jaschan. He was caught, tried, and given a suspended sentence due to his minor status. The Sasser worm attack served as a stark reminder of the importance of timely software updates and the potential consequences of failing to address known vulnerabilities.
7. Mydoom Worm (2004) – The Speedy Saboteur
In January 2004, a new worm called Mydoom, also known as Novarg, made its debut. This worm took the form of an email attachment, and once opened, it quickly used the victim’s address book to propagate itself. Mydoom also had the capability to launch a Denial of Service (DoS) attack against specific websites.
Mydoom spread at an alarming rate, becoming one of the fastest-spreading email worms in history. It caused widespread disruptions worldwide, affecting businesses and individuals alike. Estimates put the financial damage at a staggering $38 billion, making it one of the most damaging worms ever.
Despite the widespread damage and high profile of the attack, the creators of Mydoom were never identified. It served as a stark reminder of the potential dangers lurking in one’s email inbox and highlighted the need for robust email security practices.
8. Conficker Worm (2008) – The Control Seizer
Fast forward to 2008, when the Conficker worm, also known as Downup or Downadup, made its appearance. This worm targeted a vulnerability in Microsoft’s Windows operating system, allowing it to control the infected machine and add it to a network of infected computers, known as a botnet.
The Conficker worm was an international menace, infecting millions of computers across every continent. It affected individuals, businesses, and even government systems. Estimates suggest that the financial damage caused by the disruption and the cost of countering the worm could be in the billions.
A unique aspect of the Conficker story is the unprecedented cooperation between tech companies and international organizations to combat the worm. This led to the formation of the Conficker Working Group, which successfully managed to limit the worm’s damage. However, despite their best efforts, the creators of Conficker remain unknown. This attack underscored the threat posed by botnets and the importance of international cooperation in cybersecurity.
9. Stuxnet Worm (2010) – The Digital Weapon
In 2010, a new type of threat emerged in the form of the Stuxnet worm. This worm was not designed to steal data or take control of computers; instead, it was designed to cause physical damage. Stuxnet specifically targeted the control systems of centrifuges used in Iran’s nuclear enrichment program.
The worm was a game-changer because it demonstrated that a cyberattack could have real-world physical impacts. It’s believed that Stuxnet destroyed about 1,000 centrifuges, setting back Iran’s nuclear program significantly.
Believed to be a joint effort between the US and Israel, the Stuxnet worm was a highly sophisticated piece of malware that used several zero-day exploits. While the financial costs are difficult to estimate, the geopolitical implications were significant.
Stuxnet marked a new era in cyber warfare, showing that state-sponsored entities could use cyberattacks to achieve geopolitical objectives. It highlighted the importance of securing critical infrastructure against potential cyber threats and sparked international debate on the rules of engagement in cyber warfare.
10. Cryptolocker Worm (2013) – The Digital Kidnapper
In 2013, a new type of threat emerged in the form of the Cryptolocker worm. Unlike previous worms that aimed to spread as far as possible or cause disruption, Cryptolocker had a more sinister goal – to hold users’ files for ransom. This worm marked the rise of a dangerous new trend in cyber threats: ransomware.
Cryptolocker would infiltrate a system, typically via a malicious email attachment, and then encrypt user files. It would then demand payment, often in Bitcoin, to decrypt the files. While it’s difficult to know exactly how many people paid the ransom, it is estimated that the perpetrators made millions of dollars.
The creators of Cryptolocker were believed to be part of the criminal organization behind the GameOver ZeuS botnet. In a significant international law enforcement operation, the botnet was disrupted, and Evgeniy Bogachev, the alleged ringleader, was indicted. However, Bogachev remains at large.
Cryptolocker had a global impact, affecting both individual users and businesses. It highlighted the rising threat of ransomware and the importance of keeping backups of important files.
11. Emotet Worm (2014) – The Persistent Parasite
First discovered in 2014, the Emotet worm initially functioned as a banking Trojan, stealing sensitive financial information from its victims. However, it evolved over time to become a highly adaptable and persistent threat, distributing other malware and acting as a platform for cybercriminals to launch additional attacks.
Emotet spread via malicious email attachments and compromised websites, infecting systems worldwide. Its impact was significant, with the United States Department of Homeland Security referring to Emotet as “the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments.”
In January 2021, a coordinated international law enforcement operation succeeded in disrupting the Emotet infrastructure, leading to arrests and the seizure of servers. The operation marked a major milestone in the ongoing battle against cybercrime.
The Emotet worm’s story serves as a reminder of the persistence and adaptability of cyber threats, as well as the importance of international cooperation in tackling these ever-evolving challenges.
12. Regin Worm (2014) – The Stealthy Spy
In 2014, an advanced piece of malware known as the Regin worm was discovered. Regin was no ordinary worm; it was a sophisticated cyber espionage tool. It was designed to be stealthy, capable of staying undetected on a system for years while collecting information.
Regin targeted a variety of international entities, including government organizations, infrastructure operators, businesses, researchers, and private individuals. Given its targets and level of sophistication, it is widely believed that Regin was developed by a nation-state, though the exact perpetrator remains unknown.
The Regin worm showed the world the advanced capabilities of state-sponsored cyber espionage tools and highlighted the need for robust cybersecurity measures, even for entities that might not consider themselves likely targets.
13. WannaCry Worm (2017) – The Global Extortion Scheme
In 2017, the world experienced one of the most widespread ransomware attacks in history – the WannaCry worm. WannaCry exploited a vulnerability in Microsoft’s Windows operating system, encrypting files and demanding a ransom to unlock them.
The worm had a significant global impact, affecting hundreds of thousands of computers across 150 countries. Major organizations, including the UK’s National Health Service, were significantly disrupted. The total financial damage caused by WannaCry is estimated to be in the billions of dollars.
While the attack was eventually halted by a cybersecurity researcher who discovered a “kill switch” in the worm’s code, the perpetrators behind WannaCry have been linked to the North Korean state-sponsored group known as Lazarus Group.
WannaCry marked a new level of threat from ransomware, showing that even critical services like healthcare could be disrupted by such attacks. It emphasized the importance of keeping systems up-to-date and the potential consequences of failing to patch known vulnerabilities.
14. NotPetya Worm (2017) – The Destructive Disguise
In June 2017, just one month after the WannaCry outbreak, another devastating cyberattack took the world by storm. The NotPetya worm initially seemed like a ransomware attack, but it soon became clear that its primary goal was destruction, not financial gain.
NotPetya targeted a vulnerability in Microsoft’s Windows operating system, similar to WannaCry. However, its primary function was to overwrite and destroy data on infected systems, leaving them inoperable. The worm caused significant disruptions across the globe, affecting businesses, government institutions, and infrastructure.
The financial cost of NotPetya is estimated to be over $10 billion, making it one of the most expensive cyberattacks in history. The worm was eventually traced back to a state-sponsored Russian hacking group, further demonstrating the potential for cyber warfare to cause widespread damage.
NotPetya served as a wake-up call for governments and businesses to take the threat of cyber warfare seriously and highlighted the importance of having robust cybersecurity measures in place to protect against such attacks.
15. Bad Rabbit Worm (2017) – The Cunning Trickster
In October 2017, the Bad Rabbit worm emerged, primarily targeting organizations in Russia and Ukraine. This ransomware attack followed in the footsteps of WannaCry and NotPetya, but used a different method to infect systems. The worm employed a “drive-by” attack, tricking users into downloading a fake Adobe Flash update that delivered the ransomware payload.
Once the worm infiltrated a system, it encrypted files and demanded a ransom payment in Bitcoin. The attack caused disruptions in various sectors, including transportation, media, and government organizations.
Although the financial impact of Bad Rabbit was not as significant as its predecessors, it demonstrated the evolving tactics used by cybercriminals. The perpetrators behind the worm remain unidentified, and the incident highlighted the need for continued vigilance and user education to combat the ever-changing world of cyber threats.
16. VPNFilter Worm (2018) – The Router Ransacker
First identified in 2018, the VPNFilter worm took an unusual route in its attack strategy: it targeted network devices like routers and network-attached storage devices. This worm displayed a potent combination of capabilities, including spying on traffic, stealing website credentials, and even bricking the infected devices.
VPNFilter infected an estimated half a million devices worldwide, posing a serious threat to both individual users and businesses. Given the wide variety of devices it targeted, and its ability to persist even after a device reboot, VPNFilter was a formidable adversary.
A significant aspect of the VPNFilter story is its attribution to a state-sponsored group, Fancy Bear, which is believed to have ties to Russia’s military intelligence agency. This connection underscored the potential for cyber warfare to extend beyond computers and servers to everyday internet-connected devices.
17. BlueKeep Worm (2019)
First identified in 2019, the BlueKeep vulnerability in Microsoft’s Remote Desktop Protocol (RDP) posed a potential threat for a worm-like spread. This vulnerability could allow an unauthenticated attacker to execute arbitrary code and take control of a vulnerable system.
Although a worm specifically exploiting BlueKeep was never reported in the wild, the potential for a devastating worm-like attack was significant, reminding many of the WannaCry and NotPetya incidents. Microsoft and several cybersecurity organizations issued repeated warnings and urged users to apply the available patches.
The BlueKeep vulnerability story is a potent reminder of the need for proactive security measures and regular system patching. It also highlights the importance of responsible vulnerability disclosure and swift action by software vendors.
18. Qakbot/Qbot Worm – The Stealthy Swindler
First emerging around 2009, the Qakbot (or Qbot) worm is a classic example of a banking Trojan turned into a worm for self-propagation. Qakbot is known for its stealthy operation, sophisticated evasion techniques, and its focus on stealing sensitive financial data.
Qakbot initially targeted businesses but eventually broadened its scope to include individual users. It spread via malicious email attachments and network shares, and could also download additional malware onto infected systems, increasing the potential harm to its victims.
While Qakbot’s exact financial impact is hard to estimate, it likely resulted in significant losses given its focus on financial data theft. Qakbot has seen several resurgences over the years, with cybercriminals continually updating its capabilities to evade detection and increase its effectiveness.
The story of Qakbot emphasizes the ongoing and evolving nature of cyber threats, the potential for significant financial loss, and the importance of robust security measures to protect sensitive financial information.
In Conclusion: Keeping Safe in a Digital World
So, there you have it – a journey through the most infamous computer worm attacks, each leaving its unique mark on the digital world. These examples underscore the serious threats posed by cybercriminals, whether they’re lone wolves, organized crime syndicates, or state-sponsored entities.
But fear not! There are steps you can take to protect yourself in this digital age:
- Stay Updated: Ensure all your devices and applications are up-to-date. Software updates often include patches for security vulnerabilities that worms and other malware exploit.
- Invest in Protection: Consider purchasing reputable antivirus software like Norton, Bitdefender, McAfee, Panda, or Kaspersky. These programs are designed to detect and neutralize threats before they can do damage.
- Beware of Suspicious Emails: Many worms spread through malicious email attachments. Always be cautious of unexpected emails and never download an attachment unless you’re sure it’s safe.
- Educate Yourself: Knowledge is power in the fight against cyber threats. Stay informed about the latest threats and safety practices.
For those interested in diving deeper into the world of cybersecurity, here are a few trusted resources:
- The United States Computer Emergency Readiness Team (US-CERT) provides a wealth of information on current threats and vulnerabilities: https://www.us-cert.gov/
- The European Union Agency for Cybersecurity (ENISA) offers reports, guides, and news on cybersecurity matters: https://www.enisa.europa.eu/
- Symantec’s Internet Security Threat Report gives an overview of the latest threat trends: https://www.symantec.com/security-center/threat-report
- Kaspersky’s SecureList provides in-depth articles and reports on the latest cybersecurity threats: https://securelist.com/
Remember, in the digital world, staying safe is an ongoing process. Keep learning, stay vigilant, and protect yourself to ensure that your digital life remains your own.
Author: Tibor Moes
Founder & Chief Editor at SoftwareLab
Tibor is a Dutch engineer and entrepreneur. He has tested security software since 2014.