Comparison of computer viruses

The compilation of a unified list of computer viruses is made difficult because of naming. To aid the fight against computer viruses and other types of malicious software, many security advisory organizations and developers of anti-virus software compile and publish lists of viruses. When a new virus appears, the rush begins to identify and understand it as well as develop appropriate counter-measures to stop its propagation. Along the way, a name is attached to the virus. As the developers of anti-virus software compete partly based on how quickly they react to the new threat, they usually study and name the viruses independently. By the time the virus is identified, many names denote the same virus.

Another source of ambiguity in names is that sometimes a virus initially identified as a completely new virus is found to be a variation of an earlier known virus, in which case it is often renamed. For example, the second variation of the Sobig worm was initially called "Palyh" but later renamed "Sobig.b". Again, depending on how quickly this happens, the old name may persist.

Scope

In terms of scope, there are two major variants: lists of "in-the-wild" viruses, which contain viruses in active circulation, and lists of all known viruses, which also contain viruses believed not to be in active circulation (also called "zoo viruses"). The sizes are vastly different: in-the-wild lists contain a hundred viruses but full lists contain tens of thousands.

| Virus | Alias(es) | Types | Subtype | Isolation date | Isolation / Origin | Author | Notes |
|---|---|---|---|---|---|---|---|
| 1260 | V2Px | DOS | Polymorphic [1] | 1990 | | | First virus family to use polymorphic encryption |
| 4K | 4096 | DOS | | 1990-01 | | | The first known MS-DOS-file-infector to use stealth |
| 5lo | | DOS | | 1992-10 | | | Infects .EXE files only |
| Abraxas | Abraxas5 | DOS, Windows 95, 98 [1] | | 1993-04 | Europe | ARCV group | Infects COM file. Disk directory listing will be set to the system date and time when infection occurred. |
| Acid | Acid.670, Acid.670a, Avatar.Acid.670, Keeper.Acid.670 | DOS, Windows 95, 98 | | 1992 | | Corp-$MZU | Infects COM file. Disk directory listing will not be altered. |
| Acme | | DOS, Windows 95 DOS | | 1992 | | | Upon executing infected EXE, this infects another EXE in current directory by making a hidden COM file with same base name. |
| ABC | ABC-2378, ABC.2378, ABC.2905 | DOS | | 1992-10 | | | ABC causes keystrokes on the compromised machine to be repeated. |
| Actifed | | DOS | | | | | |
| Ada | | DOS | | 1991-10 | Argentina | | The Ada virus mainly targets .COM files, specifically COMMAND.COM. |
| AGI-Plan | Month 4-6 | DOS | | | Mülheim | | AGI-Plan is notable for reappearing in South Africa in what appeared to be an intentional re-release. |
| AI | | DOS | | | | | |
| AIDS | AIDSB, Hahaha, Taunt | DOS | | 1990 | | | AIDS is the first virus known to exploit the DOS "corresponding file" vulnerability. |
| AIDS II | | DOS | | circa 1990 | | | |
| Alabama | Alabama.B | DOS | | 1989-10 | Hebrew University, Jerusalem | | Files infected by Alabama increase in size by 1,560 bytes. |
| Alcon [1] | RSY, Kendesm, Ken&Desmond, Ether | DOS | | 1997-12 | | | Overwrites random information on disk causing damage over time. |
| Ambulance | | DOS | | June, 1990 | | | |
| Anna Kournikova | | Email, VBScript | | 2001-02-11 | Sneek, Netherlands | Jan de Wit | A Dutch court stated that US$166,000 in damages was caused by the worm. |
| ANTI | ANTI-A, ANTI-ANGE, ANTI-B, Anti-Variant | Classic Mac OS | | 1989-02 | France | | The first Mac OS virus not to create additional resources; instead, it patches existing CODE resources. |
| AntiCMOS | | DOS | | January 1994 – 1995 | | | Due to a bug in the virus code, the virus fails to erase CMOS information as intended. |
| ARCV-n | | DOS | | 1992-10/1992-11 | England, United Kingdom | ARCV Group | ARCV-n is a term for a large family of viruses written by the ARCV group. |
| Alureon | TDL-4, TDL-1, TDL-2, TDL-3, TDL-TDSS | Windows | Botnet | 2007 | Estonia | JD virus | |
| Autostart | Autostart.A—D | Classic Mac OS | | 1998 | Hong Kong / China | | |
| Bomber | CommanderBomber | DOS | | | Bulgaria | | Polymorphic virus which infects systems by inserting fragments of its code randomly into executable files. |
| Brain | Pakistani flu | DOS | Boot sector virus | 1986-01 | Lahore, Pakistan | Basit and Amjad Farooq Alvi | Considered to be the first computer virus for the PC |
| Byte Bandit | | Amiga | Boot sector virus | 1988-01 | | Swiss Cracking Association | It was one of the most feared Amiga viruses until the infamous Lamer Exterminator. |
| CDEF | | Classic Mac OS | | 1990.08 | Ithaca, New York | | Cdef arrives on a system from an infected Desktop file on removable media. It does not infect any Macintosh systems beyond OS6. |
| Christmas Tree | | | Worm | 1987-12 | Germany | | |
| CIH | Chernobyl, Spacefiller | Windows 95, 98, Me | | 1998-06 | Taiwan / Taiwan | Chen ing-Hau | Activates on April 26, in which it destroys partition tables, and tries to overwrite the BIOS. |
| Commwarrior | | Symbian | Bluetooth worm | | | | Famous for being the first worm to spread via MMS and Bluetooth. |
| Creeper | | TENEX operating system | Worm | 1971 | | Bob Thomas | An experimental self-replicating program which gained access via the ARPANET and copied itself to the remote system. |
| Eliza | | DOS | | 1991-12 | | | |
| Elk Cloner | | Apple II | | 1982 | Mt. Lebanon, Pennsylvania / Mt. Lebanon, Pennsylvania | Rich Skrenta | The first virus observed "in the wild" |
| Esperanto | Esperanto.4733 | DOS, MS Windows, Classic Mac OS | | 1997.11 | Spain / Spain | Mister Sandman | First multi-processor virus. The virus is capable of infecting files on computers running Microsoft Windows and DOS on the x86 processor and MacOS, whether they are on a Motorola or PowerPC processor. |
| Fakesysdef | | | | 2010 | | | Trojan targeting the Microsoft Windows operating system. Dispersed as an application called "HDD Defragmenter", a fake system defragmenter. |
| Form | | DOS | | 1990 | Switzerland | | A very common boot virus, triggers on the 18th of any month. |
| Fun | | Windows | | 2008 | | | It registers itself as a Windows system process then periodically sends mail with spreading attachments as a response to any unopened emails in Outlook Express |
| Graybird | Backdoor.GrayBird, BackDoor-ARR | Windows | Trojan Horse | 2003-02-04 | | | |
| Hare | | DOS, Windows 95, Windows 98 | | 1996-08 | | | Famous for press coverage which blew its destructiveness out of proportion |
| ILOVEYOU | | Microsoft | Worm | 2000-05-05 | Manila, Philippines | Michael Buen, Onel de Guzman | Computer worm that attacked tens of millions of Windows personal computers |
| INIT 1984 | | Classic Mac OS | | 1992-03-13 | Ireland | | Malicious, triggered on Friday the 13th. Init1984 works on Classic Mac OS System 6 and 7. |
| Jerusalem | | DOS | | 1987-10 | | | Jerusalem was initially very common and spawned a large number of variants. |
| Kama Sutra | Blackworm, Nyxem, and Blackmal | | | 2006-01-16 | | | Designed to destroy common files such as Microsoft Word, Excel, and PowerPoint documents. |
| Koko | | DOS | | 1991-03 | | | The payload of this virus activates on July 29 and February 15 and may erase data on the users hard drive |
| Lamer Exterminator | | Amiga | Boot sector virus | 1989-10 | Germany | | Random encryption, fills random sector with "LAMER" |
| MacMag | Drew, Bradow, Aldus, Peace | Classic Mac OS | | 1987-12 | United States | | Products (not necessarily the Classic Mac OS) were infected with the first actual virus. |
| MDEF | Garfield, Top Cat | Classic Mac OS | | 1990-05-15 | Ithaca, New York | | Infects menu definition resource fork files. Mdef infects all Classic Mac OS versions from 4.1 to 6. |
| Melissa | Mailissa, Simpsons, Kwyjibo, Kwejeebo | Microsoft Word | macro virus | 1999-03-26 | New Jersey | David L. Smith | Part macro virus and part worm. Melissa, a MS Word-based macro that replicates itself through e-mail. |
| Mirai | | Internet of Things | DDoS | 2016 | | | |
| Michelangelo | | DOS | | 1991-02-04 | Australia | | Ran March 6 (Michelangelo's birthday) |
| Mydoom | Novarg, Mimail, Shimgapi | Windows | Worm | 2004-01-26 | World / Russia | | Mydoom was the world's fastest spreading computer worm to date, surpassing Sobig, and the ILOVEYOU computer worms, yet it was used to DDoS servers. |
| Navidad | | Windows | Mass-mailer worm | 2000-12 | South America | | |
| Natas | Natas.4740, Natas.4744, Natas.4774, Natas.4988 | DOS | Multipartite, stealth, polymorphic | 1994.06 | Mexico City / United States | Priest (AKA Little Loc) | |
| nVIR | MODM, nCAM, nFLU, kOOL, Hpat, Jude, Mev#, nVIR.B | Classic Mac OS | | 1987-12 | United States | | nVIR has been known to 'hybridize' with different variants of nVIR on the same machine. |
| Oompa | Leap | Mac OSX | Worm | 2006.02.10 | | | First worm for Mac OSX. It propagates through iChat, an instant message client for Macintosh operating systems. Whether Oompa is a worm has been controversial. Some believe it is a trojan. |
| OneHalf | Slovak Bomber, Freelove or Explosion-II | DOS | | 1994 | Slovakia | Vyvojar | It is also known as one of the first viruses to implement a technique of "patchy infection" |
| NoEscape.exe | | Windows | | | | | |
| Ontario.1024 | | | | | | | |
| Ontario.2048 | | | | | | | |
| Ontario | SBC | DOS | | 1990-07 | Ontario | "Death Angel" | |
| Petya | GoldenEye, NotPetya | Windows | Trojan horse | 2016 | Ukraine / Russia | | Total damages brought about by NotPetya to more than $10 billion. |
| Pikachu virus | | | | 2000-06-28 | Asia | | The Pikachu virus is believed to be the first computer virus geared at children. |
| Ping-pong | Boot, Bouncing Ball, Bouncing Dot, Italian, Italian-A, VeraCruz | DOS | Boot sector virus | 1988-03 | Turin | | Harmless to most computers |
| RavMonE.exe | RJump.A, Rajump, Jisx | | Worm | 2006-06-20 | | | Once distributed in Apple iPods, but a Windows-only virus |
| SCA | | Amiga | Boot sector virus | 1987-11 | Switzerland | Swiss Cracking Association | Puts a message on screen. Harmless except it might destroy a legitimate non-standard boot block. |
| Scores | Eric, Vult, NASA, San Jose Flu | Classic Mac OS | | 1988.04 | United States / Fort Worth, Texas | Donald D. Burleson | Designed to attack two specific applications which were never released. |
| Scott's Valley | | DOS | | 1990-09 | Scotts Valley, California | | Infected files will contain the seemingly meaningless hex string 5E8BDE909081C63200B912082E. |
| SevenDust | 666, MDEF, 9806, Graphics Accelerator, SevenD, SevenDust.B—G | Classic Mac OS | Polymorphic | 1989-06 | | | |
| Marker | Shankar's Virus, Marker.C, Marker.O, Marker.Q, Marker.X, Marker.AQ, Marker.BN, Marker.BO, Marker.DD, Marker.GR, W97M.Marker | MS Word | Polymorphic, Macro virus | 1999-06-03 | | Sam Rogers | Infects Word Documents |
| Simile | Etap, MetaPHOR | Windows | Polymorphic | | | The Mental Driller | The metamorphic code accounts for around 90% of the virus' code |
| SMEG engine | | DOS | Polymorphic | 1994 | United Kingdom | The Black Baron | Two viruses were created using the engine: Pathogen and Queeg. |
| Stoned | | DOS | Boot sector virus | 1987 | Wellington | | One of the earliest and most prevalent boot sector viruses |
| Jerusalem | Sunday, Jerusalem-113, Jeruspain, Suriv, Sat13, FuManchu | DOS | File virus | 1987-10 | Seattle | | Virus coders created many variants of the virus, making Jerusalem one of the largest families of viruses ever created. It even includes many sub-variants and a few sub-sub-variants. |
| WannaCry | WannaCrypt, WannaCryptor | Windows | Ransomware Cryptoworm | 2017 | World / North Korea | | |
| WDEF | WDEF A | Classic Mac OS | | 1989.12.15 | | | Given the unique nature of the virus, its origin is uncertain. |
| Whale | | DOS | Polymorphic | 1990-07-01 | Hamburg | R Homer | At 9216 bytes, was for its time the largest virus ever discovered. |
| ZMist | ZMistfall, Zombie.Mistfall | Windows | | 2001 | Russia | Z0mbie | It was the first virus to use a technique known as "code integration". |
| Xafecopy | | Android | Trojan | 2017 | | | |
| Zuc | Zuc.A., Zuc.B, Zuc.C | Classic Mac OS | | 1990.03 | Italy / Italy | | |

Related Research Articles

Adware, often called advertising-supported software by its developers, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process. The software may generate two types of revenue: one is for the display of the advertisement and another on a "pay-per-click" basis, if the user clicks on the advertisement. Some advertisements also act as spyware, collecting and reporting data about the user, to be sold or used for targeted advertising or user profiling. The software may implement advertisements in a variety of ways, including a static box display, a banner display, a full screen, a video, a pop-up ad or in some other form. All forms of advertising carry health, ethical, privacy and security risks for users.

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

In computing terminology, a macro virus is a virus that is written in a macro language: a programming language which is embedded inside a software application. Some applications, such as Microsoft Office, Excel and PowerPoint, allow macro programs to be embedded in documents such that the macros are run automatically when the document is opened, and this provides a distinct mechanism by which malicious computer instructions can spread. This is one reason it can be dangerous to open unexpected attachments in e-mails. Many antivirus programs can detect macro viruses; however, the macro virus' behavior can still be difficult to detect.

Spyware is any software with malicious behavior that aims to gather information about a person or organization and send it to another entity in a way that harms the user by violating their privacy, endangering their device's security, or other means. This behavior may be present in malware and in legitimate software. Websites may engage in spyware behaviors like web tracking. Hardware devices may also be affected.

In computing, a Trojan horse is any malware that misleads users of its true intent by disguising itself as a standard program. The term is derived from the ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy.

Timeline of computer viruses and worms: Computer malware timeline

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.

Spybot – Search & Destroy: Spyware removal software

Spybot – Search & Destroy (S&D) is a spyware and adware removal computer program compatible with Microsoft Windows. Dating back to the first adware in 2000, Spybot scans the computer hard disk and/or RAM for malicious software.

Scareware: Malware designed to elicit fear, shock, or anxiety

Scareware is a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software. Scareware is part of a class of malicious software that includes rogue security software, ransomware and other scam software that tricks users into believing their computer is infected with a virus, then suggests that they download and pay for fake antivirus software to remove it. Usually the virus is fictional and the software is non-functional or malware itself. According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008. In the first half of 2009, the APWG identified a 585% increase in scareware programs.

Norton AntiVirus is an anti-virus or anti-malware software product founded by Peter Norton, developed and distributed by Symantec since 1990 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.

CA Anti-Spyware: Spyware detection program

CA Anti-Spyware is a spyware detection program distributed by CA, Inc. Until 2007, it was known as PestPatrol.

Mobile malware is malicious software that targets mobile phones or wireless-enabled personal digital assistants (PDAs), causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.

The Vundo Trojan is either a Trojan horse or a computer worm that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook. It also is used to deliver other malware to its host computers. Later versions include rootkits and ransomware.

ewido Networks

Ewido Networks was a digital data security software company based in Germany known for creating Ewido Anti-Spyware. Ewido Anti-Spyware was software used to remove malware such as spyware, trojan horses, adware, dialers, and worms.

Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that gained infamy was SpySheriff and its clones, such as Nava Shield.

SpySheriff: Spyware

SpySheriff is malware that disguises itself as anti-spyware software. It attempts to mislead the user with false security alerts, threatening them into buying the program. Like other rogue antiviruses, after producing a list of false threats, it prompts the user to pay to remove them. The software is particularly difficult to remove, since it nests its components in System Restore folders, and also blocks some system management tools. However, SpySheriff can be removed by an experienced user, antivirus software, or by using a rescue disk.

ContraVirus is a rogue spyware application that poses as a legitimate anti-spyware program. The application uses a false scanner to force computer users to pay for the removal of non-existent spyware items. It may also be known as ExpertAntivirus.

The Zlob Trojan, identified by some antiviruses as Trojan.Zlob, is a Trojan horse which masquerades as a required video codec in the form of ActiveX. It was first detected in late 2005, but only started gaining attention in mid-2006.

SUPERAntiSpyware is a software application which can detect and remove spyware, adware, trojan horses, rogue security software, computer worms, rootkits, parasites and other potentially harmful software applications. Although it can detect various types of malware, SUPERAntiSpyware is not designed to replace antivirus software.

MS Antivirus is a scareware rogue anti-virus which purports to remove virus infections found on a computer running Microsoft Windows. It attempts to scam the user into purchasing a "full version" of the software. The company and the individuals behind Bakasoftware operated under various other 'company' names, including Innovagest2000, Innovative Marketing Ukraine, Pandora Software, LocusSoftware, etc.

References

  1. Vincentas (11 July 2013). "Computer Viruses in SpyWareLoop.com". Spyware Loop. Archived from the original on 21 September 2013. Retrieved 28 July 2013.