The World's Worst Viruses
Earthworms are a boon to the backyard gardener and healers still use leeches to thin a sick patient's blood, but no good has ever come from a computer worm or virus. Computer viruses have become increasingly dangerous and quick-spreading in the last couple of years, wildly proliferating through cyberspace and causing billions of dollars in damage.
Some of the distinctions between different types of malicious code are now blurred, but the classic computer virus is a piece of sneaky code that tells your PC to do something that you usually wouldn't want it to do. Without your knowledge, a virus could wipe out the programs and data on your hard drive or even let someone take over your machine remotely. A virus replicates by embedding itself into programs or system files.
Worms are another type of devious program that, today, typically spread via e-mail or Internet chat programs. With the help of unprotected users' address books, worms such as Klez spread explosively--disrupting networks and businesses. The oldest worms didn't change system files or obliterate data. But as worms got more sophisticated, the newer ones started to behave more like viruses, doing considerable damage. For example, Klez can delete files and create the mechanism to run itself on system startup.
A third general classification of malevolent code is the Trojan horse. This destructive program poses as an innocent application or file, such as a screen saver or photo. Unlike worms and viruses, Trojan horses don't replicate.
Some viruses and worms won't destroy your data, while others do tremendous damage. For example, the LoveLetter virus overwrote files and inserted viral code on hard drives around the globe two years ago.
"As far as what [virus writers] can do, the sky is the limit," says April Goostree, virus manager for McAfee.com. "In the antivirus industry, we never say 'never' anymore. Because as soon as you do, you are going to be proven wrong. It's anybody's guess about what the next virus will do."
Here's a look at ten of the most malignant viruses and worms of all time.
Sircam appeared in July 2001 on PCs running Windows 95, 98, and Me. The
worm appeared in e-mail in-boxes with an attachment; the body of the message
was in Spanish or English. Typical greetings included "Hi! How are you?" and
"Hola como estas?" If you launched the attachment, Sircam installed itself on
the infected computer, then grabbed random documents and sent them out to
e-mail addresses it captured from your address book. It also occasionally
deleted files and filled the infected computer's hard drive with gibberish.
Code Red burned brightly in the summer of 2001, infecting hundreds of thousands of computers--mainly on corporate networks. Code Red slithered through a hole in Internet Information Server (IIS) software, which is widely used to power Internet servers, then scanned the Internet for vulnerable systems to infect and continue the process. The worm used contaminated PCs as weapons in denial of service attacks--flooding a Web site with a barrage of information requests. The original target was the official White House Web site, but government officials changed the site's IP address to thwart the attack.
The worm exploited a weakness in the IIS software (which has since been
fixed with a patch from Microsoft) that allowed an intruder to run arbitrary
code on a victimized computer. Multiple variants of this worm now exist. Visit
Benjamin--a new breed of worm--was let loose in May 2002, and it
affected users of the popular file-sharing program Kazaa. The crafty worm posed
as popular music and movie files. Kazaa users thought they were downloading a
media file to their machines, but they got the imposter instead. It then set up
a Kazaa share folder and stuffed it with copies of itself posing as popular
music and movie files, which other Kazaa users would download. It congested the
system's network connection and would ultimately fill up a hard drive. Visit
Nimda (also known as the Concept Virus) appeared in September 2001,
attacking tens of thousands of servers and hundreds of thousands of PCs. The
worm modified Web documents and executable files, then created numerous copies
of itself. The worm spread as an embedded attachment in an HTML e-mail message
that would execute as soon as the recipient opened the message (unlike the
typical attached virus that requires manual launching of the attachment). It
also moved via server-to-server Web traffic, infected shared hard drives on
networks, and downloaded itself to users browsing Web pages hosted on infected
servers. Nimda soon inspired a crowd of imitators that followed the same
The Anna Kournikova (or VBS.SST@mm) worm, appearing in February 2001,
didn't cause data loss, although in the process of boosting the profile of its
namesake, the Russian tennis player, it did cause embarrassment and disruption
for many personal and business users. The worm showed up in Microsoft Outlook
users' e-mail in-boxes with an attachment (supposedly a picture of Kournikova).
The attachment proved hard to resist. The result? Clicking the bogus attachment
sent copies of the worm via e-mail to all addresses found in the victim's
Outlook address book. Kournikova also brought about a number of copycat
Most worm creators have never been identified, but a 21-year-old Dutchman, Jan de Wit, admitted to unleashing this worm. The admitted virus writer is appealing a 150-hour community service sentence handed down in September 2001 by a judge in the Netherlands.
The Explorer.zip worm appeared in the summer of 1999, following in the footsteps of Melissa. The worm deleted Word, Excel, and PowerPoint files and randomly altered other types of files. Like Melissa (see below), Explorer traveled via e-mails that appeared to be from someone the recipient knew. The message included a file that, if activated, showed a fake error message to the user. Unlike Melissa, this virus did not use Outlook to gather e-mail addresses. Instead, it watched the in-box of the infected computer and then sent automatic replies to senders, using the same e-mail subject as the original message.
Magistr is one of the most complex viruses to hit the Internet. Its
victims, users of Outlook Express, were hooked by an infected e-mail
attachment. The virus, discovered in mid-March 2001, sent garbled messages to
everyone in the infected user's e-mail address book. Attached were files pulled
at random from the infected PC's hard drive plus an executable file with the
Magistr code. This virus was not as widespread as many others, but it was very
destructive. Magistr overwrites hard drives and erases CMOS and the flashable
BIOS, preventing systems from booting. It also contained antidebugging
features, making it hard to detect and destroy. Visit
The Melissa virus swamped corporate networks with a tidal wave of e-mail messages in March 1999. Through Microsoft Outlook, when a user opened an e-mail message containing an infected Word attachment, the virus was sent to the first 50 names in the user's address book. The e-mail fooled many recipients because it bore the name of someone the recipient knew and referred to a document they had allegedly requested.
So much e-mail traffic was generated so quickly that companies like
Intel and Microsoft had to turn off their e-mail servers. The Melissa virus was
the first virus capable of hopping from one machine to another on its own. And
it's another good example of a virus with multiple variants. Visit
The Klez worm, which blends different virus traits, was first detected
in October 2001. Klez distributes itself like a virus, but sometimes acts like
a worm, other times like a Trojan horse. Klez isn't as destructive as other
worms, but it is widespread, hard to exterminate--and still active. In fact, so
far, no other virus has stayed in circulation quite like Klez. It spreads via
open networks and e-mail--regardless of the e-mail program you use. Klez
sometimes masquerades as a worm-removal tool. It may corrupt files and disable
antivirus products. It pilfers data from a victim's e-mail address book, mixing
and matching new senders and recipients for a new round of infection. Visit
LoveLetter is the worm everyone learned to hate in spring 2000. The
infection affected millions of computers and caused more damage than any other
computer virus to date. Users were infected via e-mail, through Internet chat
systems, and through other shared file systems. The worm sent copies of itself
via Microsoft Outlook's address book entries. The mail included an executable
file attachment with the e-mail subject line, "ILOVEYOU." The worm had the
ability to overwrite several types of files, including .gif and .jpg files. It
modified the Internet Explorer start page and changed Registry keys. It also
moved other files and hid MP3 files on affected systems. Visit
The best defense against virus attacks is a good offense. Without proper protection, computer worms can spread like wildfire. From minor annoyances to major epidemics meant to cripple giant Web sites, these tenacious trespassers cost us billions of dollars. Here are several tips to help you keep these troublemakers at bay.