Since the PC industry started in the 1970’s, hackers have created viruses to attack them and cause damage. These threats have been created for various reasons, ranging from financial gain to a simple challenge for the hacker. Here is a list of prevalent system threats over the past 50 years.
| Virus name | Date(s) | Type | How It Infects | Typical Damage Caused |
|---|---|---|---|---|
| Creeper | 1971 | Experimental self-replicating TENEX operating system Worm | Gained access using the ARPANET | “Displayed the message ““I’m the creeper, catch me if you can!””” |
| Rabbit | 1974 | Fork bomb denial-of-service attack | “Uses the fork system call, and can fork endlessly” | “Makes multiple copies of itself on a single computer until it clogs the system, reducing system performance. This finally reaches a threshold and crashes the computer.” |
| Elk Cloner | 1982 | Apple II virus | “The first virus observed ““in the wild.”” It displayed a message but caused very little damage.” | |
| Brain | 1986 | MS-DOS computer virus | Floppy disk or diskette | The virus slows down the floppy disk drive and makes seven kilobytes of memory unavailable to DOS. |
| Vienna | 1987 | Computer virus | Floppy disk or diskette DOS .com-infecting virus | Causes a warm reboot when the program is run. |
| Lehigh | 1987 | Computer virus | DOS virus that infects via floppy disk or diskette | “After 4 infections, it overwrites the boot sector and file allocation table.” |
| Stoned | 1987 | Boot sector virus family | It only infects 360 kilobyte 5.25 inch floppies and hard drives | “The infected computer will beep and display the message ““Your PC is now stoned! LEGALIZE MARIJUANA!”” Any files with directory entries on that sector will be lost. It can also cause the disk’s FAT to be corrupted.” |
| Cascade | 1987 | Computer virus | Floppy disk or diskette | “It causes a ““falling letters”” effect on the screen, and may also cause some noise.” |
| Jerusalem | 1987 | DOS file infector virus | Floppy disk or diskette | “It infects DOS.EXE files. Delivers two payloads, one that is annoying but relatively harmless and the other destructive. The non-destructive one creates a ‘black window’ on the screen. Then the system slows down due to a time-wasting loop installed on each timer interrupt. The destructive payload activates on any Friday the 13th, deleting any program run on that day. Sometimes this causes the files to consume all available storage space.” |
| SCA | 1987 | Amiga boot sector virus | 3.5 and 5.25-inch floppy disk or diskette | |
| Christmas Tree | 1987 | Mass-mailing worm | “Email with the subject line ““Let this exec run and enjoy yourself!”” The user must execute the program by typing ““christma”” or ““christmas.””” | “Paralyses a network when executed and displays an ASCII Christmas tree. It then reads the files ““NAMES,”” ““NETLOG,”” and files containing the addresses of communication partners. It emails itself to every address in these files.” |
| MacMag | 1987 | Classic Mac OS computer virus | Compuserve forum | “Infects any disks inserted into the computer. Replicates until 3/2/1988, when it displays a message from MacMag and then deletes itself.” |
| nVIR | 1987 | Classic Mac OS computer virus | “Floppy disk, diskette, or a network” | Crashes or slows a system and causes printing errors. |
| SCA | 1987 | Amiga Boot sector virus | Floppy disk or diskette | “Displays a message on the screen, but is mostly harmless. May destroy a legitimate non-standard boot block.” |
| Morris Worm | 1988 | Computer worm | Exploits security flaws in Unix systems | Launches denial of service attacks. |
| Ping Pong | 1988 | DOS boot sector virus | Floppy disk or diskette | “Harmless to most computers. Shows a small ““ball”” bouncing around the screen in both text mode (the ASCII bullet character “”•””) and graphical mode. Systems may crash during the ball’s appearance on the screen.” |
| Byte Bandit | 1988 | Amiga boot sector virus | 3.5 and 5.25-inch floppy disk or diskette | It causes the screen to go black. |
| Scores | 1988 | Classic Mac OS computer virus | Floppy disk or diskette | “Infects the System, Scrapbook, and Notepad files that are run and crashes programs.” |
| Swap | 1989 | Boot sector virus | Floppy disk or diskette | “It causes ““falling letters”” effect and may also cause some noise. infects any diskette that is inserted into the system” |
| Ghostball | 1989 | Multipartite computer virus | Floppy disk or diskette | Drops a copy of the Pingpong virus on diskettes. |
| AIDS | 1989 | “Trojan, ransomware” | Email lists | Displays a notice asking for $189 to be sent to a post office box in Panama to get a decryption program. |
| Alabama | 1989 | DOS computer virus | “Infects .EXE files. Files infected increase in size by 1,560 bytes. Displays message 1 hour after execution.” | |
| ANTI | 1989 | Classic Mac OS computer virus | The first Mac OS virus not to create additional resources. It only patches existing CODE resources. Causes small overall effects. | |
| Lamer Exterminator | 1989 | Amiga boot sector virus | Storage media | “Writes bootblocks 84 times with the ““LAMER!”” string.” |
| SevenDust | 1989 | Classic Mac OS polymorphic virus | Various storage media | Deletes non-application files. |
| WDEF | 1989 | Classic Mac OS computer virus | Floppy disk or diskette | |
| Form | 1990 | DOS boot sector virus | Floppy disk or diskette | It causes clicking noises and severe data damage. It will infect any media inserted into the machine. |
| 1260 | 1990 | DOS polymorphic virus | Floppy disk or diskette | Infects DOS executable files. |
| 4K | 1990 | DOS virus | Floppy disk or diskette | “Infected systems will hang on September 22 of each year, which is also the date of birth of Bilbo Baggins.” |
| AIDS | 1990 | DOS virus | “AIDS is the first virus known to exploit the DOS ““corresponding file”” vulnerability.” | |
| AIDS II | 1990 | DOS virus | Targets .EXE files. Displays message and plays a song. | |
| Ambulance | 1990 | DOS virus | Infects .EXE files. | |
| CDEF | 1990 | Classic Mac OS Computer virus | Floppy disk or diskette | Infects application and system files. It causes various levels of damage. |
| MDEF | 1990 | Classic Mac OS Computer virus | Storage Media | Infects menu definition resource fork files. |
| Ontario | 1990 | DOS file infector virus | Floppy disk or diskette | “Infects .COM, .EXE. and .OVL files. Increases file size by 512 bytes, 1023 bytes. Corrupts the hard drive over time.” |
| Scott’s Valley | 1990 | DOS file infector virus | Floppy disk or diskette | Infects .COM and .EXE files. Causes system slowdown. |
| Whale | 1990 | DOS Polymorphic virus | Floppy disk or diskette | “Infects .COM, .EXE files. Simulates rebooting a system. May display the message: ““THE WHALE IN SEARCH OF THE 8 FISH I AM ‘~knzyvo}’ IN HAMBURG address error D9EB,02.”” It also causes a system slow down.” |
| Zuc | 1990 | Classic Mac OS computer virus | “Storage media, internet, or a network” | |
| Michelangelo | 1991 | DOS boot sector virus | Floppy disk or diskette | “Overwrites all data on the hard disk with random characters. Infects sector 28 on 1.2-megabyte floppy disks. Ran on March 6th, Michelangelo’s birthday. Makes data irretrievable by the user.” |
| Ada | 1991 | DOS virus | “Targets .COM files, usually COMMAND.COM. Beeps from system speaker, hangs the system, shows ““Disk full”” error.” | |
| Eliza | 1991 | DOS virus | Infects .COM and .EXE files. Low-level threat. | |
| Koko | 1991 | DOS virus | Storage media | Payload activates on July 29 and February 15. It can erase data on the user’s hard drive. Displays a message. |
| Ontario.1024 | 1991 | DOS file infector virus | Floppy disk or diskette | Infects files and corrupts hard drives over time. |
| Freddy Krueger | 1992 | Memory resident infector | Diskettes or connected computer | Deletes infected files. It will also infect any program run by the user. |
| Bomber | 1992 | DOS polymorphic memory-resident computer virus | Diskettes or connected computer | “Works via a ““patchy infection”” technique. The beginning of the virus code contains the unencrypted text: COMMANDER BOMBER WAS HERE.” |
| 5lo | 1992 | DOS computer virus | Infects .EXE files only. Total free system memory will decrease by 2K. | |
| Acid | 1992 | “DOS, Windows 95, 98 virus” | Inserted storage media | “Infects COM file, and .EXE files. Disk directory listing will not be altered. Programs have the first 792 bytes overwritten with Acid’s own code.” |
| Acme | 1992 | “DOS, Windows 95 virus” | Infects another .EXE in the current directory by making a hidden .COM file with the same base name. | |
| ABC | 1992 | DOS Computer virus | It causes keystrokes on the infected computer to be repeated. | |
| ARCV-n | 1992 | DOS Computer virus | Infects .COM and .EXE files. Displays text messages. | |
| INIT 1984 | 1992 | Classic Mac OS computer virus | “Storage media, email, internet connection” | Triggered at bootup on Friday the 13th. Infects startup INIT files. Changes file names to random strings. It has a low threat level. |
| Ontario.2048 | 1992 | DOS file infector virus | Floppy disk or diskette | Infects files and corrupts hard drives over time. |
| Abraxas | 1993 | “DOS, Windows 95, Windows 98 virus” | “Infects COM file. Overwrites files, displays ““ABRAXAS”” in ASCII art and plays a series of sounds.” | |
| OneHalf | 1994 | Polymorphic DOS boot virus | Diskettes or connected computer | “Will display the message: ““Dis is one half…Press any key to continue …””” |
| Natas | 1994 | “DOS multipartite, stealth, polymorphic virus” | Floppy disk or diskette | Affects .COM and .EXE files. |
| SMEG engine | 1994 | DOS polymorphic virus engine | Creates other viruses. | |
| Concept | 1995 | Macro virus for MS Word | CD’s released by some major corporations. Email mass mailings | Affects MS Word documents. |
| Bizatch | 1995 | MS Windows 95 virus | “CD’s, diskettes or connected computer” | “On the 31st of any month, it displays a message box praising the VLAD group and listing the current members of VLAD.” |
| Hare | 1995 | “DOS, Windows 95, Windows 98 virus” | “Storage media, email, internet connection” | “Infects .COM and .EXE files, master boot record of hard disks, and boot sector of floppy disks. Activates on August 22 and September 22. Erases hard disk and displays the message: ““HDEuthanasia by Demon Emperor.””” |
| Ply | 1996 | DOS non-encrypted polymorphic virus | “CD’s, diskettes or connected computer” | Infects all .exe files it finds. |
| Laroux | 1996 | Microsoft Excel virus | “CD’s, diskettes or connected computer” | “Adds the Excel macro ““laroux”” to PERSONAL.XLS. The virus will then infect any Excel workbook available.” |
| Staog | 1996 | Linux virus | “CD’s, diskettes or connected computer” | “Never been wild, and had no destructive payload. No damage caused.” |
| Alcon | 1997 | DOS computer virus | Overwrites random files on a disk causing damage over time. | |
| Esperanto | 1997 | “DOS, MS Windows, classic Mac OS, multi-processor virus.” | “Storage media, email, internet connection” | Infects .COM and .EXE files. Runs when computer is started. Displays a message on 26 of July. |
| CIH | 1998 | File virus | “Pirated software, a ““PWA-cracked copy”” of Windows 98” | “Makes it impossible to boot from the hard drive. It may be impossible to recover some of the lost data. Nothing may be displayed when the user starts the computer. The virus can only spread on Windows 95, 98 and ME systems.” |
| Happy99 | 1999 | Email / newsgroup worm | “Email or news post with attachment named ““Happy99.exe””” | No destructive payload and never caused any damage. |
| ExploreZip | 1999 | Mass-mailer worm | Email mass mailings | “Destroys certain files, disrupts email systems.” |
| CTX | 1999 | Computer virus | Spreads via the Cholera worm | Overwrites parts of .exe files. |
| Kak | 1999 | JavaScript worm | Uses a bug in Outlook Express to spread itself | “Uses SHUTDOWN.EXE to initiate a shutdown and show a popup with the text ““Kagou-anti-Kro$oft says not today!”” A minimized window appears on startup with the title ““Driver Memory Error.”” Another message may pop up saying ““S3 Driver Memory Alloc Failed!”” This happens on day 1 of each month at 6:00 pm.” |
| Marker | 1999 | “MS Word Polymorphic, Macro virus” | “Internet, various storage media” | Infects Word Documents. Keeps a log of infected computers. |
| Pikachu | 2000 | Email worm | “An email arrives titled ““Pikachu Pokemon”” and the body of the e-mail includes the text ““Pikachu is your friend.””” | “Adds the lines ““del C:\WINDOWS”” and ““del C:\WINDOWS\system32″” to the file ““autoexec.bat.”” Commands would be executed at the next boot, attempting to delete two critical directories of the Windows operating system. However, users would be given a prompt asking whether or not they wanted to delete those folders.” |
| Navidad | 2000 | Windows mass-mailer worm | Displays messages in Spanish and makes the system unusable. Spreads further through email clients. Adds NAVIDAD.EXE as an attachment. Adds an icon in the system tray. | |
| Anna Kournikova | 2001 | Computer worm | Email with an attachment .jpeg image that automatically sends itself to all contacts in a user’s Windows Address Book. | Caused problems in email servers due to the quantity spread. No other real damage. |
| Klez | 2001 | Computer worm | “E-mail message, spoofing. Sends itself to people in users’ address books.” | Could render a victim’s computer inoperable. It could even disable virus-scanning software and pose as a virus-removal tool. |
| Nimda | 2001 | Computer worm | “Email. open network shares, back doors, and compromised websites.” | Brings internet traffic to a crawl. |
| Sadmind | 2001 | Computer worm | “Network, email, CD, or diskette.” | Exploits vulnerabilities in both Sun Microsystems’ Solaris and Microsoft’s Internet Information Services. |
| Sircam | 2001 | Mass-mailer worm | Emailed out to email addresses in the host’s address book. It could also spread via open shares on a network. | Personal or private files were emailed to people who otherwise should not have received them. |
| ZMist | 2001 | Windows metamorphic virus | “Storage media, internet, or a network.” | Requires 32 MB of memory. Decompiles portable .EXE files. |
| Beast | 2002 | Trojan horse | Used the client-server model. The server is what would infect the victim’s computer. | It gave the attacker complete control over the infected computer. Infected other applications as well. |
| Mylife | 2002 | Mass-mailer worm | Emails to all contacts in Microsoft Outlook. | Affected home users mostly. |
| Simile | 2002 | Windows metamorphic virus | “Internet, various storage media.” | “Displays a message, ““Free Palestine!”” and infects .EXE files.” |
| SQL Slammer | 2003 | Computer worm | Affected Microsoft’s SQL Server and Desktop Engine database products. | Launched denial of service attacks. Dramatically slowed down general Internet traffic. |
| Graybird | 2003 | Trojan horse | “Email, CD, diskette, USB ports, or internet connection.” | “Downloads files from remote web sites, records keystrokes, extracts passwords, and steals PC information.” |
| ProRat | 2003 | Trojan horse | “Via a network, it uses a client and a server.” | “Logs keystrokes, steals passwords and gains full control over files.” |
| Blaster worm | 2003 | Computer worm | “Email, CD, diskette, USB ports” | “Displays in Windows the following message and then automatically reboots, usually after 60 seconds: “This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost.””” |
| Welchia | 2003 | Computer worm | “Email, CD, diskette, USB ports” | “Floods a network, installs its own Microsoft patches.” |
| Sobig | 2003 | Computer worm | “Emails with the sender address “”big@boss.com“”” | Used as a backdoor for spammers to mass email. |
| Swen | 2003 | Mass-mailing computer worm | “Microsoft Security update, email, Internet Relay Chat, Kazaa filesharing, and newsgroups.” | Tries to shut off antivirus programs and firewalls. |
| Sober | 2003 | Computer worm | “E-mail attachment, fake webpages, fake pop-up ads, and fake advertisements.” | Copies itself to one of several files in the Windows directory. Adds appropriate keys to the Windows registry and can e-mail itself to all addresses in a user’s e-mail address book. |
| Agobot | 2003 | Computer worm | “Email, CD, diskette, USB ports” | “Perform denial-of-service attacks, steal data, send spam, and allows the attacker to access the device and its connection.” |
| Bolgimo | 2003 | Win32 computer worm | Windows patch | Downloads the patch to the user’s desktop and run the patch installer. |
| Sasser | 2004 | Windows worm | Exploits buffer overflow vulnerability in Local Security Authority Subsystem Service (LSASS) | “Slows down and crashes the computer, while making it hard to reset without cutting the power.” |
| Mydoom | 2004 | Windows worm | Appears as an email transmission error. Spreads through email address books. | Creates a backdoor that allows remote access. Launches denial of service attacks. |
| Sasser | 2004 | Virus | Spread by email and social engineering | It causes system crashes and resource usage. |
| Bagle | 2004 | Mass-mailing worm | Mass-email as an attachment | It is a botnet causing e-mail spam. |
| Netsky | 2004 | Computer worm | “E-mail, social engineering tactics.” | Scans the computer for e-mail addresses and e-mails itself to all addresses found. |
| Witty | 2004 | Computer worm | Via hosts connected to the internet. | Attacks firewalls and other computer security products written by specific companies. |
| Caribe | 2004 | Computer worm | “Mobile phones running Symbian OS, and through Bluetooth wireless signals.” | “Displays the message ““Caribe”” on the phone’s screen, and is displayed every time the phone is turned on. The worm then attempts to spread to other phones in the area.” |
| Vundo | 2004 | Trojan horse | “E-mail attachment carrying a trojan, browser exploits, and browser plug-ins.” | “It causes popups and advertising for rogue antispyware programs, performance degradation, and denial of service with some websites.” |
| Santy | 2004 | Computer worm | Uses Google to spread across the Internet. | “Infected servers and displayed the message ““This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation X.”” X is a number of the generation of the worm.” |
| Zotob | 2005 | Internet worm | Plug-and-play | Makes an infected computer a part of a botnet. |
| Copy protection rootkit | 2005 | Rootkit | Included on music CDs sold by Sony BMG. | “Creates vulnerabilities on affected computers, making them susceptible to infection by worms and viruses.” |
| Zlob | 2005 | Malware Trojan downloader | Disguised as a needed video codec in the form of ActiveX. | “Random computer shutdowns or reboots showing random comments. Runs a file called ““zlberfker.exe.”” Redirects to websites and shows a number of inline videos. Playing the video activates a request to download an ActiveX codec that is malware. It prevents the user from closing the browser in a normal way.” |
| Nyxem | 2006 | Internet worm | Infected email attachments and network shares. | “The virus removes antivirus programs from remote computers before attempting to infect them. It activates on the third day of each month. On activation, the virus overwrites data files of many common types, including Word, Excel, and PowerPoint documents; ZIP and RAR archives; and PDFs. It can destroy files on fixed and removable drives and tries but fails, to affect data on network drives. It also attempts to disable antivirus programs or deletes the antivirus programs directly.” |
| Brontok | 2006 | Mass-email worm | “It arrives as an attachment to an e-mail named ““kangen.exe.”” “ | “Reboots the computer. Blanks out address typed in Windows Explorer before completion. Sends itself to email addresses it finds on the computer, even faking the own user’s email address as the sender. The computer also restarts when trying to open the Windows Command Prompt. Prevents the user from downloading files. It also opens the default Web browser and loads a web page which is located in the ““My Pictures”” folder.” |
| Stration | 2006 | Mass-mailer worm | “Disables security features, sends itself to other computers via e-mail attachments.” | |
| Kama Sutra | 2006 | Windows computer worm | “Destroys common files, such as .doc, .pdf, .zip, .xls and disables antivirus software.” | |
| Oompa | 2006 | Mac OS X worm | iChat message attachment | Displays a message. Marks other files. |
| RavMonE.exe | 2006 | Trojan horse worm | “iPod videos, removeable storage drives, email attachments, internet files.” | Allows unauthorized access to a computer. |
| Storm | 2007 | Trojan horse worm | “Used the click bait headline ““230 dead as storm batters Europe” which accompanied a link to the “story.”” | Turns computers into bots that re-distribute the email. |
| Alureon | 2007 | Botnet trojan | “Manual download, rogue software bundle” | “Steals data through network traffic, blocks Task Manager and desktop, Windows Update, disables antivirus programs. It also redirects search engines to fraud sites.” |
| Conficker | 2008 | Windows worm | Uses flaws in the OS to create a botnet. | Installs software that will turn the computer into a botnet slave. Includes scareware to obtain money from users. |
| Mocmex | 2008 | Trojan horse | Digital photo frame | “Collects passwords for online games, recognizes and blocks antivirus protection.” |
| Torpig | 2008 | Botnet | “Trojan horses, emails” | Collects sensitive personal and corporate data such as bank accounts and credit card information. |
| Bohmini.A | 2008 | Trojan horse | Malvertising via the social networking site Facebook. | Turns the computer into a bot or remotely controls it. |
| Fun | 2008 | Windows virus | Email attachment | Sends email with attachments as a response to any unopened emails in Outlook Express. |
| Zeus | 2009 | Trojan horse | Drive-by downloads or phishing scams | “Endangers FTP accounts and computers. Theft of login credentials. Performs various criminal tasks, usually man-in-the-browser keylogging and form grabbing.” |
| Daprosy | 2009 | Trojan worm | “Local area network (LAN) connections, spammed e-mails, USB mass storage devices.” | Steals online-game passwords in internet cafes. |
| MegaPanzer | 2009 | Trojan horse | Network and internet connections | Intercepts Skype and voice over IP traffic on Windows XP systems. |
| Kenzero | 2009 | Computer virus | Online via peer-to-peer networks (P2P) | Monitors the browsing history of users. |
| Stuxnet | 2010 | Computer worm | Via an infected USB flash drive | Used in cyberwarfare. Affected Iran’s nuclear program. |
| Waledac | 2010 | Mass-mailer worm | Email mass- mailings | “Sends spam emails and malware, harvests password info.” |
| Psyb0t | 2010 | Computer worm | Routers and high-speed modems. | Affects data and internet traffic flow. |
| here you have | 2010 | Trojan horse | “Sends a copy of itself to everyone in the Windows Address Book, Microsoft Outlook address book and delivers a payload.” | |
| SpyEye | 2011 | Malware | Attacks web browsers on Windows PCs. | Uses keystroke logging and form grabbing to steal user credentials for malicious use. |
| Anti-Spyware 2011 | 2011 | Trojan horse | Poses as an anti-spyware program. | “Disables security-related processes of anti-virus programs, blocks access to the Internet, and prevents updates.” |
| ZeroAccess | 2011 | Trojan horse | “Malvertising, affiliate scheme.” | Downloads other malware on an infected machine from a botnet while remaining hidden using rootkit techniques. |
| Duqu | 2011 | Computer worm | Microsoft Word document | It looks for information that could be useful in attacking industrial control systems. |
| Flame | 2012 | Malware | LAN or USB | “Records keyboard activity, network activity, screenshots, and skype conversations.” |
| Shamoon | 2012 | Computer virus | Spreads using a network. | “Overwrites the master boot record of the infected computer, making it unusable.” |
| NGRBot | 2012 | Computer worm | IRC network for file transfer. | “Steals user information, infects HTML pages, blocks security updates, monitors network activity.” |
| CryptoLocker | 2013 | Trojan horse | “Infected email attachments, Gameover Zeus botnet.” | “Encrypts files on a user’s hard drive, then prompts them to pay a ransom to the developer in order to receive the decryption key.” |
| Gameover ZeuS | 2013 | Peer-to-peer botnet | Through use of the Cutwail botnet. | Steals users’ login details on popular web sites that involve monetary transactions. Used for banking fraud and distribution of the CryptoLocker ransomware. |
| Linux.Darlloz | 2013 | Computer worm | “Internet of things, PHP vulnerability.” | “Infects routers, security cameras, set-top boxes.” |
| Regin | 2014 | Trojan horse | Spoofed web pages | “Downloads extensions of itself, making it difficult to be detected via anti-virus signatures. Used as a tool for espionage and mass surveillance.” |
| BASHLITE | 2015 | Linux malware | Local network | Launch distributed denial-of-service attacks. |
| MEMZ | 2016 | Trojan horse | Internet | “Moves the mouse cursor slightly, opens up humorous Google searches on the user’s web browser, and opens various random Microsoft Windows programs.” |
| Locky | 2016 | Ransomware malware | “Email, exploit kits, Word and Excel attachments with malicious macros, DOCM attachments, and zipped JS Attachments.” | Demands a payment of between 0.5 and 1 bitcoin that victims must pay to decrypt their files. |
| Tiny Banker | 2016 | Trojan malware | Networks | Man-in-the-browser attacks and network sniffing. |
| Mirai | 2016 | Botnet malware | “Internet, online consumer devices.” | DDoS attacks infecting the Internet of Things. |
| Mirai | 2016 | Linux Malware | Hacker forums as open-source. | Turns Linux system into a bot for a botnet. Launches Internet of Things Denial of service attacks. |
| Petya | 2017 | Trojan ransomware | Fake job emails. | Destroys user data. |
| Xafecopy | 2017 | Trojan horse | Mobile payments on websites. | Charges the user’s mobile carrier bill and subscribes to unwanted paid services. |
| Wannacry | 2017 | Ransomware | SMB port | Charges ransom of $300 to undo. |
| Xafecopy | 2017 | Android Trojan | “Downloadable apps, battery optimizers.” | Clicks on web pages to subscribe that charge money to the user’s phone bill. |
| Thanatos | 2018 | Ransomware | Deceptive advertising | “Charges a $200 USD ransom payment to one of the listed Bitcoin, Ethereum, or Bitcoin Cash addresses.” |
| Titanium | 2019 | Trojan horse | Internet | “Remains undetected, steals, and spies on user.” |
| AntiCMOS | 1994-1995 | DOS computer virus | “Due to a faulty virus code, it will not erase CMOS information as designed.” | |
| Melissa | 1999-present | Microsoft Word macro virus | Mass email. Primarily affects Microsoft Word and Outlook-based systems. | Mass mails itself using contact lists. Disables safeguard features on Microsoft Outlook and Microsoft Word. |
| ILOVEYOU | 2000-present | Computer worm | Email messages and mailing lists. | “Overwrites files, sends itself to all addresses in the Microsoft Outlook address book.” |
| Code Red | 2001-present | Computer worm | Targets Microsoft IIS web server buffer overflow workflow issue. | “Eats up system resources, launches denial of service attacks, and leaves the message: ““Hacked By Chinese!””” |
| Code Red 2 | 2001-present | Computer worm | Exploits a security hole in Microsoft’s Internet Information Server (IIS) webserver software. | Creates a backdoor that allows further attacks. |
| Bifrost | 2004-present | Backdoor Trojan horse | Server client | “Remote user can execute arbitrary code at will on the compromised computer. Some file attributes changed to ““Read Only”” and ““Hidden.””” |
| Rustock | 2006-2011 | Botnet | “Trojan horses, emails” | Sends spam messages with trojan horses and incorporates machines into the botnet. |
| Koobface | 2008-2010 | Computer worm | Spread via infected social media posts. | Targets mostly Facebook. It gets users to download malware. |
| CryptoLocker | 2013-2014 | Trojan horse ransomware | Various ways including email | Users must pay a ransom to undo by a certain deadline. |
| Commwarrior | 2013-present | Symbian Bluetooth worm | Bluetooth and MMS | Spreads through MMS and Bluetooth to other devices. Little damage caused. |
| Reveton | 2012-2013 | Ransomware | Drive-by downloads | Locks computer and demands payment |
| Shamoon 2 | 2016-2017 | Wiper malware | Network shares | Overwrite and erase hard drives |
| XData | 2014-2020 | Ransomware | Email attachments | Encrypts Office files on network shares |
| Petya/NotPetya | 2016–2017 | Ransomware | MITM attacks | Disk wiping rather than encryption |
| WannaCry | 2017 | Ransomware | Exploiting SMB vulnerability | Encrypts files and demands Bitcoin |
| Trickbot | 2016-2020 | Banking trojan/botnet | Exploit kits | Installs backdoors for harvesting bank info |
| Emotet | 2014-2020 | Botnet | Phishing emails | Harvesting credentials and dropping malware |
| Ryuk | 2018-2020 | Ransomware | Trickbot and Emotet | Targeted ransomware attacks |
| RobbinHood | 2017-2020 | Ransomware | Exploiting remote access tools,production servers | |
| DanaBot | 2018-2020 | Banking trojan | Spam campaigns | Harvesting online banking credentials |
| GandCrab | 2018-2019 | Ransomware | Exploit kits | File encryption for ransom |
| Lazarus | 2009-2020 | APT malware | Targeted phishing/ trojans | Bank theft |
| DanaBot | 2018-2020 | Banking trojan | Spam campaigns | Harvesting online banking credentials |
| GandCrab | 2018-2019 | Ransomware | Exploit kits | File encryption for ransom |
| Lazarus | 2009-2020 | APT malware | Targeted phishing/ trojans | Bank theft |
| Triple X | 2021-2023 | Botnet | Phishing emails | Installs remote access trojans |
| Vicesky | 2019-2023 | Ransomware | Email phishing | Sensitive data theft and extortion |
| Quantum | 2022-2023 | RAT | Social engineering | Data theft and crypto mining |
| Deadbolt | 2022-2023 | Ransomware | Unsecured QNAP devices | Device encryption for payment |
| ZuoRAT | 2021-2023 | Remote access trojan | Spear phishing | Surveillance and data theft |
This expansive table covers the history of notable computer viruses, worms, and other malware from 1971 through 2023. As you can see, malicious software has evolved dramatically from early experimental viruses like Creeper and Elk Cloner to the highly sophisticated cyberthreats facing us today.
Over the decades, viruses and worms have multiplied and become more damaging as personal computing and the internet grew exponentially. Mass-mailing worms like Melissa, ILOVEYOU, and Anna Kournikova caused worldwide havoc by overloading email servers and wreaking technical trouble. Later came more advanced threats like Conficker, CryptoLocker, and WannaCry which turned infected computers into botnet armies and encrypted files for ransom.
Modern malware leverages social engineering and vulnerabilities in popular software to carry out attacks. Trojans often pose as legitimate programs and rely on users unknowingly installing them. Meanwhile polymorphic and metamorphic viruses constantly mutate to avoid detection. State-sponsored advanced persistent threats (APTs) present ongoing high-level cybersecurity challenges.
As cybercriminals grow more sophisticated, computer security must evolve as well. This threat landscape shows the increasing importance of antivirus software, firewalls, updates and patches, backups, strong passwords, and cyber hygiene education. Both individual users and organizations must remain vigilant against the cybersecurity dangers posed by malware. Understanding this history helps frame the escalating arms race between black-hat hackers and cyber defenders.
For protection from these threats and others, see our Antivirus Mega Review Roundup here.
