Comparison of computer viruses

Last updated October 06, 2024

Creating a unified list of computer viruses is challenging due to inconsistent naming conventions. To combat computer viruses and other malicious software, many security advisory organizations and anti-virus software developers compile and publish virus lists. When a new virus appears, the rush begins to identify and understand it as well as develop appropriate counter-measures to stop its propagation. Along the way, a name is attached to the virus. Since anti-virus software compete partly based on how quickly they react to the new threat, they usually study and name the viruses independently. By the time the virus is identified, many names have been used to denote the same virus.

Ambiguity in virus naming arises when a newly identified virus is later found to be a variant of an existing one, often resulting in renaming. For example, the second variation of the Sobig worm was initially called "Palyh" but later renamed "Sobig.b". Again, depending on how quickly this happens, the old name may persist.

Scope

In terms of scope, there are two major variants: the list of "in-the-wild" viruses, which list viruses in active circulation, and lists of all known viruses, which also contain viruses believed not to be in active circulation (also called "zoo viruses"). The sizes are vastly different: in-the-wild lists contain a hundred viruses but full lists contain tens of thousands.

Comparison of viruses and related programs

Virus	Alias(es)	Types	Subtype	Isolation date	Isolation	Origin	Author	Notes
1260	V2Px	DOS	Polymorphic ^[1]	1990				First virus family to use polymorphic encryption
4K	4096	DOS		1990-01				The first known MS-DOS-file-infector to use stealth
5lo		DOS		1992-10				Infects .EXE files only
Abraxas	Abraxas5	DOS, Windows 95, 98	^[1]	1993-04	Europe		ARCV group	Infects COM file. Disk directory listing will be set to the system date and time when infection occurred.
Acid	Acid.670, Acid.670a, Avatar.Acid.670, Keeper.Acid.670	DOS, Windows 95, 98		1992			Corp-$MZU	Infects COM file. Disk directory listing will not be altered.
Acme		DOS, Windows 95 DOS		1992				Upon executing infected EXE, this infects another EXE in current directory by making a hidden COM file with same base name.
ABC	ABC-2378, ABC.2378, ABC.2905	DOS		1992-10				ABC causes keystrokes on the compromised machine to be repeated.
Actifed		DOS
Ada		DOS		1991-10		Argentina		The Ada virus mainly targets .COM files, specifically COMMAND.COM.
AGI-Plan	Month 4-6	DOS			Mülheim			AGI-Plan is notable for reappearing in South Africa in what appeared to be an intentional re-release.
AI		DOS
AIDS	AIDSB, Hahaha, Taunt	DOS		1990				AIDS is the first virus known to exploit the DOS "corresponding file" vulnerability.
AIDS II		DOS		circa 1990
Alabama	Alabama.B	DOS		1989-10		Hebrew University, Jerusalem		Files infected by Alabama increase in size by 1,560 bytes.
Alcon ^[1]	RSY, Kendesm, Ken&Desmond, Ether	DOS		1997-12				Overwrites random information on disk causing damage over time.
Ambulance		DOS		June 1990
Anna Kournikova		Email VBScript		2001-02-11		Sneek, Netherlands	Jan de Wit	A Dutch court stated that US$166,000 in damages was caused by the worm.
ANTI	ANTI-A, ANTI-ANGE, ANTI-B, Anti-Variant	Classic Mac OS		1989-02	France			The first Mac OS virus not to create additional resources; instead, it patches existing CODE resources.
AntiCMOS		DOS		January 1994 – 1995				Due to a bug in the virus code, the virus fails to erase CMOS information as intended.
ARCV-n		DOS		1992-10/1992-11		England, United Kingdom	ARCV Group	ARCV-n is a term for a large family of viruses written by the ARCV group.
Alureon	TDL-4, TDL-1, TDL-2, TDL-3, TDL-TDSS	Windows	Botnet	2007		Estonia	JD virus
Autostart	Autostart.A—D	Classic Mac OS		1998	Hong Kong	China
Bomber	CommanderBomber	DOS				Bulgaria		Polymorphic virus which infects systems by inserting fragments of its code randomly into executable files.
Brain	Pakistani flu	DOS	Boot sector virus	1986-01		Lahore, Pakistan	Basit and Amjad Farooq Alvi	Considered to be the first computer virus for the PC
Byte Bandit		Amiga	Boot sector virus	1988-01			Swiss Cracking Association	It was one of the most feared Amiga viruses until the infamous Lamer Exterminator.
CDEF		Classic Mac OS		1990.08		Ithaca, New York		Cdef arrives on a system from an infected Desktop file on removable media. It does not infect any Macintosh systems beyond OS6.
Christmas Tree			Worm	1987-12		Germany
CIH	Chernobyl, Spacefiller	Windows 95, 98, Me		1998-06	Taiwan	Taiwan	Chen ing-Hau	Activates on April 26, in which it destroys partition tables, and tries to overwrite the BIOS.
Commwarrior		Symbian Bluetooth worm						Famous for being the first worm to spread via MMS and Bluetooth.
Creeper		TENEX operating system	Worm	1971			Bob Thomas	An experimental self-replicating program which gained access via the ARPANET and copied itself to the remote system.
Eliza		DOS		1991-12
Elk Cloner		Apple II		1982	Mt. Lebanon, Pennsylvania	Mt. Lebanon, Pennsylvania	Rich Skrenta	The first virus observed "in the wild"
Esperanto	Esperanto.4733	DOS, MS Windows, Classic Mac OS		1997.11	Spain	Spain	Mister Sandman	First multi-processor virus. The virus is capable of infecting files on computers running Microsoft Windows and DOS on the x86 processor and MacOS, whether they are on a Motorola or PowerPC processor.
Fakesysdef				2010				Trojan targeting the Microsoft Windows operating system. Dispersed as an application called "HDD Defragmenter", a fake system defragmenter.
Form		DOS		1990	Switzerland			A very common boot virus, triggers on the 18th of any month.
Fun		Windows		2008				It registers itself as a Windows system process then periodically sends mail with spreading attachments as a response to any unopened emails in Outlook Express
Graybird	Backdoor.GrayBird, BackDoor-ARR	Windows	Trojan Horse	2003-02-04
Hare		DOS, Windows 95, Windows 98		1996-08				Famous for press coverage which blew its destructiveness out of proportion
ILOVEYOU		Microsoft	Worm	2000-05-05		Manila, Philippines	Michael Buen, Onel de Guzman	Computer worm that attacked tens of millions of Windows personal computers
INIT 1984		Classic Mac OS		1992-03-13	Ireland			Malicious, triggered on Friday the 13th. Init1984 works on Classic Mac OS System 6 and 7.
Jerusalem		DOS		1987-10				Jerusalem was initially very common and spawned a large number of variants.
Kama Sutra	Blackworm, Nyxem, and Blackmal			2006-01-16				Designed to destroy common files such as Microsoft Word, Excel, and PowerPoint documents.
Koko		DOS		1991-03				The payload of this virus activates on July 29 and February 15 and may erase data on the users hard drive
Lamer Exterminator		Amiga	Boot sector virus	1989-10		Germany		Random encryption, fills random sector with "LAMER"
MacMag	Drew, Bradow, Aldus, Peace	Classic Mac OS		1987-12		United States		Products (not necessarily the Classic Mac OS) were infected with the first actual virus.
MDEF	Garfield, Top Cat	Classic Mac OS		1990-05-15		Ithaca, New York		Infects menu definition resource fork files. Mdef infects all Classic Mac OS versions from 4.1 to 6.
Melissa	Mailissa, Simpsons, Kwyjibo, Kwejeebo	Microsoft Word macro virus		1999-03-26		New Jersey	David L. Smith	Part macro virus and part worm. Melissa, a MS Word-based macro that replicates itself through e-mail.
Mirai		Internet of Things	DDoS	2016
Michelangelo		DOS		1991-02-04	Australia			Ran March 6 (Michelangelo's birthday)
Mydoom	Novarg, Mimail, Shimgapi	Windows	Worm	2004-01-26	World	Russia		Mydoom was the world's fastest spreading computer worm to date, surpassing Sobig, and the ILOVEYOU computer worms, yet it was used to DDoS servers.
Navidad		Windows	Mass-mailer worm	2000-12		South America
Natas	Natas.4740, Natas.4744, Natas.4774, Natas.4988	DOS	Multipartite, stealth, polymorphic	1994.06	Mexico City	United States	Priest (AKA Little Loc)
nVIR	MODM, nCAM, nFLU, kOOL, Hpat, Jude, Mev#, nVIR.B	Classic Mac OS		1987-12		United States		nVIR has been known to 'hybridize' with different variants of nVIR on the same machine.
Oompa	Leap	Mac OSX	Worm	2006.02.10				First worm for Mac OSX. It propagates through iChat, an instant message client for Macintosh operating systems. Whether Oompa is a worm has been controversial. Some believe it is a trojan.
OneHalf	Slovak Bomber, Freelove or Explosion-II	DOS		1994		Slovakia	Vyvojar	It is also known as one of the first viruses to implement a technique of "patchy infection"
NoEscape.exe		Windows
Ontario.1024
Ontario.2048
Ontario	SBC	DOS		1990-07		Ontario	"Death Angel"
Petya	GoldenEye, NotPetya	Windows	Trojan horse	2016	Ukraine	Russia		Total damages brought about by NotPetya to more than $10 billion.
Pikachu virus				2000-06-28		Asia		The Pikachu virus is believed to be the first computer virus geared at children.
Ping-pong	Boot, Bouncing Ball, Bouncing Dot, Italian, Italian-A, VeraCruz	DOS	Boot sector virus	1988-03		Turin		Harmless to most computers
RavMonE.exe	RJump.A, Rajump, Jisx	Worm		2006-06-20				Once distributed in Apple iPods, but a Windows-only virus
SCA		Amiga	Boot sector virus	1987-11		Switzerland	Swiss Cracking Association	Puts a message on screen. Harmless except it might destroy a legitimate non-standard boot block.
Scores	Eric, Vult, NASA, San Jose Flu	Classic Mac OS		1988.04	United States	Fort Worth, Texas	Donald D. Burleson	Designed to attack two specific applications which were never released.
Scott's Valley		DOS		1990-09	Scotts Valley, California			Infected files will contain the seemingly meaningless hex string 5E8BDE909081C63200B912082E.
SevenDust	666, MDEF, 9806, Graphics Accelerator, SevenD, SevenDust.B—G	Classic Mac OS	Polymorphic	1989-06
Marker	Shankar's Virus, Marker.C, Marker.O, Marker.Q, Marker.X, Marker.AQ, Marker.BN, Marker.BO, Marker.DD, Marker.GR, W97M.Marker	MS Word	Polymorphic, Macro virus	1999-06-03			Sam Rogers	Infects Word Documents
Simile	Etap, MetaPHOR	Windows	Polymorphic				The Mental Driller	The metamorphic code accounts for around 90% of the virus' code
SMEG engine		DOS	Polymorphic	1994		United Kingdom	The Black Baron	Two viruses were created using the engine: Pathogen and Queeg.
Stoned		DOS	Boot sector virus	1987	Wellington			One of the earliest and most prevalent boot sector viruses
Jerusalem	Sunday, Jerusalem-113, Jeruspain, Suriv, Sat13, FuManchu	DOS	File virus	1987-10	Seattle			Virus coders created many variants of the virus, making Jerusalem one of the largest families of viruses ever created. It even includes many sub-variants and a few sub-sub-variants.
WannaCry	WannaCrypt, WannaCryptor	Windows	Ransomware Cryptoworm	2017	World	North Korea
WDEF	WDEF A	Classic Mac OS		1989.12.15				Given the unique nature of the virus, its origin is uncertain.
Whale		DOS	Polymorphic	1990-07-01		Hamburg	R Homer	At 9216 bytes, was for its time the largest virus ever discovered.
ZMist	ZMistfall, Zombie.Mistfall	Windows		2001		Russia	Z0mbie	It was the first virus to use a technique known as "code integration".
Xafecopy		Android	Trojan	2017
Zuc	Zuc.A., Zuc.B, Zuc.C	Classic Mac OS		1990.03	Italy	Italy

Related lists

Unusual subtypes

Notable instances

Conficker
Creeper virus - The first malware that ran on ARPANET
ILOVEYOU
Leap - Mac OS X Trojan horse
Shamoon a wiper virus with stolen digital certificates destroyed over 35,000 computers owned by Saudi Aramco.
Storm Worm - A Windows trojan horse that forms the Storm botnet
Stuxnet First destructive ICS-targeting Trojan which destroyed part of Iran's nuclear program. The virus destroyed the centrifuge components making it impossible to enrich uranium to weapons grade.

Similar software

Security topics

Related Research Articles

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

In computing terminology, a macro virus is a virus that is written in a macro language: a programming language which is embedded inside a software application. Some applications, such as Microsoft Office, Excel, PowerPoint allow macro programs to be embedded in documents such that the macros are run automatically when the document is opened, and this provides a distinct mechanism by which malicious computer instructions can spread. This is one reason it can be dangerous to open unexpected attachments in e-mails. Many antivirus programs can detect macro viruses; however, the macro virus' behavior can still be difficult to detect.

Spyware is any software with malicious behavior that aims to gather information about a person or organization and send it to another entity in a way that harms the user by violating their privacy, endangering their device's security, or other means. This behavior may be present in malware and in legitimate software. Websites may engage in spyware behaviors like web tracking. Hardware devices may also be affected.

In computing, a Trojan horse is any malware that misleads users of its true intent by disguising itself as a standard program. The term is derived from the ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy.

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.

Spybot – Search & Destroy (S&D) is a spyware and adware removal computer program compatible with Microsoft Windows. Dating back to the first Adwares in 2000, Spybot scans the computer hard disk and/or RAM for malicious software.

Scareware is a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software. Scareware is part of a class of malicious software that includes rogue security software, ransomware and other scam software that tricks users into believing their computer is infected with a virus, then suggests that they download and pay for fake antivirus software to remove it. Usually the virus is fictional and the software is non-functional or malware itself. According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008. In the first half of 2009, the APWG identified a 585% increase in scareware programs.

Norton AntiVirus is an anti-virus or anti-malware software product founded by Peter Norton, developed and distributed by Symantec since 1990 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.

Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.

<span class="mw-page-title-main">WinFixer</span> Rogue security software

WinFixer was a family of scareware rogue security programs developed by Winsoftware which claimed to repair computer system problems on Microsoft Windows computers if a user purchased the full version of the software. The software was mainly installed without the user's consent. McAfee claimed that "the primary function of the free version appears to be to alarm the user into paying for registration, at least partially based on false or erroneous detections." The program prompted the user to purchase a paid copy of the program.

The Vundo Trojan is either a Trojan horse or a computer worm that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook. It also is used to deliver other malware to its host computers. Later versions include rootkits and ransomware.

Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that gained infamy was SpySheriff and its clones, such as Nava Shield.

SpySheriff is malware that disguises itself as anti-spyware software. It attempts to mislead the user with false security alerts, threatening them into buying the program. Like other rogue antiviruses, after producing a list of false threats, it prompts the user to pay to remove them. The software is particularly difficult to remove, since it nests its components in System Restore folders, and also blocks some system management tools. However, SpySheriff can be removed by an experienced user, antivirus software, or by using a rescue disk.

The Storm Worm is a phishing backdoor Trojan horse that affects computers using Microsoft operating systems, discovered on January 17, 2007. The worm is also known as:

The Zlob Trojan, identified by some antiviruses as Trojan.Zlob, is a Trojan horse which masquerades as a required video codec in the form of ActiveX. It was first detected in late 2005, but only started gaining attention in mid-2006.

SUPERAntiSpyware is a software application which can detect and remove spyware, adware, trojan horses, rogue security software, computer worms, rootkits, parasites and other potentially harmful software applications. Although it can detect various types of malware, SUPERAntiSpyware is not designed to replace antivirus software.

Koobface is a network worm that attacks Microsoft Windows, Mac OS X, and Linux platforms. This worm originally targeted users of networking websites such as Facebook, Skype, Yahoo Messenger, and email websites such as GMail, Yahoo Mail, and AOL Mail. It also targets other networking websites, such as MySpace, Twitter, and it can infect other devices on the same local network. Technical support scammers also fraudulently claim to their intended victims that they have a Koobface infection on their computer by using fake popups and using built-in Windows programs.

MS Antivirus is a scareware rogue anti-virus which purports to remove virus infections found on a computer running Microsoft Windows. It attempts to scam the user into purchasing a "full version" of the software. The company and the individuals behind Bakasoftware operated under other different 'company' names, including Innovagest2000, Innovative Marketing Ukraine, Pandora Software, LocusSoftware, etc.

OSX.FlashBack, also known as the Flashback Trojan, Fakeflash, or Trojan BackDoor.Flashback, is a Trojan horse affecting personal computer systems running Mac OS X. The first variant of Flashback was discovered by antivirus company Intego in September 2011.

References

1 2 3 Vincentas (11 July 2013). "Computer Viruses in SpyWareLoop.com". Spyware Loop. Archived from the original on 21 September 2013. Retrieved 28 July 2013.

External links

The WildList, by WildList Organization International
List of Computer Viruses - listing of the Latest Viruses by Symantec.
List of all viruses All viruses cataloged in Panda Security's Collective Intelligence servers.

Conclusion

Due to the continuous evolution of computer viruses and malware, virus naming conventions and classifications will continue to present challenges, making standardized virus databases essential for global cybersecurity.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[AAA-1] 1 2 3 Vincentas (11 July 2013). "Computer Viruses in SpyWareLoop.com". Spyware Loop. Archived from the original on 21 September 2013. Retrieved 28 July 2013.

[1]

v t e Malware topics
Infectious malware	Comparison of computer viruses Computer virus Computer worm List of computer worms Timeline of computer viruses and worms
Concealment	Backdoor Clickjacking Man-in-the-browser Man-in-the-middle Rootkit Trojan horse Zombie computer
Malware for profit	Adware Botnet Crimeware Fleeceware Form grabbing Fraudulent dialer Infostealer Keystroke logging Malbot Privacy-invasive software Ransomware Rogue security software Scareware Spyware Web threats
By operating system	Android malware Classic Mac OS viruses iOS malware Linux malware MacOS malware Macro virus Mobile malware Palm OS viruses HyperCard viruses
Protection	Anti-keylogger Antivirus software Browser security Data loss prevention software Defensive computing Firewall Internet security Intrusion detection system Mobile security Network security
Countermeasures	Computer and network surveillance Honeypot Operation: Bot Roast