List of computer worms

Last updated

NameAlias(es)TypeSubtypeIsolation dateOriginAuthorFunctions and notes
Badtrans Badtrans.29020, Badtrans.B, Badtrans.A,

I-Worm.BadtransII, Badtrans.gen

Mass mailerTrojanNovember 24, 2001 [1] Poland [2] UnknownInstalled a keylogger; distributed logged information (such as passwords, usernames, etc.) to one of 22 emails.
Bagle Beagle, Mitglieder, Lodeight, Trojan.DL.BagleMass mailerTrojanJanuary 18, 2004UnknownUnknownSpread by email; certain variants had no subject and no text. [3] Allowed attacker to access computers that were infected.
Blaster Lovesan, MSBLASTMass DoS attacksLogic bomb (payload set to activate August 15)August 11, 2003 Hopkins, Minnesota Jeffrey Lee Parson [4] Widespread DDoS attacks targeted toward Bill Gates; contained message "billy gates why do you make this

possible ? Stop making money and fix your software!!"[sic]. Caused over US$300,000,000 in damages, mostly to American infrastructure. [5]

Brontok W32.Rontokbro@mm, BackDoor.Generic.1138, Worm.Mytob.GHOctober 3, 2005 Indonesia Spread through an Indonesian e-mail headed with "stop the collapse in this country"; destroys firewalls.
BuluBebek W32/VBWorm.QXEOctober 10, 2008
Code Red DoS payload, Defacement payloadJuly 2001Exploited Microsoft Internet Information Services to deface web pages and DOS a few set IPs.
Code Red II August 4, 2001Exploited Microsoft Internet Information Server security holes.
Conficker Downup, Downadup, KidoNovember 21, 2008
Daprosy Worm Worm.Win32.VB.arz, W32.Autorun.worm.h, W32/Autorun-AMS, Worm:Win32/Autorun.UDTrojanMass mailerJuly 15, 2009Replaces folders with .EXE's, key logger, slow mass mailer.
Dabber W32/Dabber-C, W32/Dabber.AMay 14, 2004
Doomjuice February 11, 2004Attack computers that had previously been infected by the Mydoom worm.
ExploreZip I-Worm.ZippedFilesJune 6, 1999Spread through zipped documents in a spam e-mail.
Father Christmas HI.COMDecember 1988
Hybris Snow White, Full Moon, Vecna.22528December 11, 2000 Brazil VecnaSpread through an e-mail from "haha@sexyfun.net".
ILOVEYOU Loveletter, LoveBugWormMay 4, 2000 Manila, Philippines
Kak worm October 22, 1999On the first day of any month, if the time was after 5 pm, Kak displayed a popup message box that read: "Driver Memory Error - Kagou-Anti-Kro$oft says not today !" Dismissing it would reboot the computer and then display the message again.
Klez October 2001
Koobface December 2008Targeted MySpace and Facebook users with a heading of "Happy Holidays".
Leap-A Oompa-LoompaTrojan wormFebruary 14, 2006Most known for being the first virus targeting Mac computers.
Morris November 2, 1988 Robert Tappan Morris Widely considered to be the first computer worm. Although created for academic purposes, the negligence of the author unintentionally caused the worm to act as a denial of service attack. It spread by exploiting known vulnerabilities in UNIX-based systems, cracked weak passwords, and periodically altered its process ID to avoid detection by system operators.
Mydoom W32.MyDoom@mm, Novarg, Mimail.R, ShimgapiJanuary 26, 2004Fastest-spreading e-mail worm known; used to attack SCO Group
Mylife W32.MyLife.C@mmMass mailerTrojan (some variants)April 2, 2002Mass deletes files on infected computers. Certain variants show a caricature of U.S. President Bill Clinton. [6]
Navidad [7] Emmanuel, W32.WachitMass mailerTrojanDecember 1, 2000 [8] South AmericaUnknownEmail appears to be in reply to someone the target has messages prior. [7] Messages created by the virus are written entirely in Spanish. [9]
Netsky February 18, 2004 Germany Sven Jaschan
Nimda September 2001Originally suspected to be connected to Al Qaeda because of release date; uses multiple infection vectors.
Psyb0t Network BluepillJanuary 2009
Sadmind May 8, 2001
Sasser Big OneApril 30, 2004 Sven Jaschan Network worm. At startup, it kills the process lsass.exe, a windows process which handles file permissions. Killing lsass causes the computer to reboot one minute later, which would cause sasser to run again. This would continue in an infinite loop until the computer is shut down manually.
Sircam Spread through e-mail with text like "I send you this file in order to have your advice."
Sober CME-681, WORM_SOBER.AGOctober 24, 2003 Germany, possibly from National Democratic Party of Germany Was disguised as e-mail from United States government.
Sobig August 2003
SQL Slammer DDOS.SQLP1434.A, the Sapphire Worm, SQL_HEL, W32/SQLSlammerCaused global Internet slowdown.
Stuxnet Win32/StuxnetJune 2010First malware to attack SCADA systems.
Swen September 18, 2003
Toxbot 2005 The Netherlands Opened up a backdoor to allow command and control over the IRC network.
Upering Annoyer.B, SanyJuly 22, 2003
Voyager VoyagerWormOctober 31, 2005Targets Operating System running Oracle Databases.
W32.Alcra.F Win32/Alcan.IWormFebruary 17, 2006Propagated through file-share networks. [10]
W32/Bolgimo.worm
W32/IRCbot.worm W32/Checkout, W32.Mubla, W32/IRCBot-WB, and Backdoor.Win32.IRCBot.aaqTrojan WormBackdoorJune 1, 2007It provides a backdoor server and allows a remote intruder to gain access and control over the computer via an IRC channel.
WANK OILZOctober 1989Spread a pacifist, anti-nuclear political message.
Welchia Nachia, NachiA helpful worm meant to install security patches and removes Blaster worm if the computer is infected by it.
Witty March 19, 2004Appeared very rapidly after announcement of Internet Security Systems vulnerability
Zotob Farid Essebar and Atilla Ekici

See also

Related Research Articles

Klez is a computer worm that propagates via e-mail. It first appeared in October 2001 and was originated in China. A number of variants of the worm exist.

<span class="mw-page-title-main">Timeline of computer viruses and worms</span> Computer malware timeline

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

The Melissa virus is a mass-mailing macro virus released on or around March 26, 1999. It targets Microsoft Word and Outlook-based systems and created considerable network traffic. The virus infects computers via email; the email is titled "Important Message From," followed by the current username. Upon clicking the message, the body reads, "Here's that document you asked for. Don't show anyone else ;)." Attached is a Word document titled "list.doc," containing a list of pornographic sites and accompanying logins for each. It then mass-mails itself to the first fifty people in the user's contact list and disables multiple safeguard features on Microsoft Word and Microsoft Outlook.

<span class="mw-page-title-main">Blaster (computer worm)</span> 2003 Windows computer worm

Blaster was a computer worm that spread on computers running operating systems Windows XP and Windows 2000 during August 2003.

<span class="mw-page-title-main">Mydoom</span> Self-replicating malware program that spread by email

Mydoom was a computer worm that targeted computers running Microsoft Windows. It was first sighted on January 26, 2004. It became the fastest-spreading e-mail worm ever, exceeding previous records set by the Sobig worm and ILOVEYOU, a record which as of 2024 has yet to be surpassed.

Bagle was a mass-mailing computer worm affecting Microsoft Windows. The first strain, Bagle.A, did not propagate widely. A second variant, Bagle.B, was considerably more virulent.

Agobot, also frequently known as Gaobot, is a family of computer worms. Axel "Ago" Gembe, a German programmer also known for leaking Half-Life 2 a year before release, was responsible for writing the first version. The Agobot source code describes it as: “a modular IRC bot for Win32 / Linux”. Agobot was released under version 2 of the GNU General Public License. Agobot is a multi-threaded and mostly object oriented program written in C++ as well as a small amount of assembly. Agobot is an example of a Botnet that requires little or no programming knowledge to use.

Zotob is a computer worm which exploits security vulnerabilities in Microsoft operating systems like Windows 2000, including the MS05-039 plug-and-play vulnerability. This worm has been known to spread on Microsoft-ds or TCP port 445.

The Sober worm is a family of computer worms that was discovered on October 24, 2003. Like many worms, Sober sends itself as an e-mail attachment, fake webpages, fake pop-up ads, and fake advertisements.

The Nimda virus is a malicious file-infecting computer worm.

W32.Navidad is a mass-mailing worm program or virus, discovered in December 2000 that ran on Windows 95, Windows 98, Windows NT, and Windows 2000 systems. It was designed to spread through email clients such as Microsoft Outlook while masquerading as an executable electronic Christmas card. Infected computers can be identified by blue eye icons which appear in the Windows system tray.

Brontok is a computer worm running on Microsoft Windows. It is able to disperse by e-mail. Variants include:

RavMonE, also known as RJump, is a Trojan that opens a backdoor on computers running Microsoft Windows. Once a computer is infected, the virus allows unauthorized users to gain access to the computer's contents. This poses a security risk for the infected machine's user, as the attacker can steal personal information, and use the computer as an access point into an internal network.

Stration is a family of computer worms that can affect computers running Microsoft Windows, disabling security features and propagating itself to other computers via e-mail attachments. This family of worms is unusual in that new variants are being produced at an unprecedented rate, estimated to be up to one every 30 minutes at its peak, and downloaded from remote servers by infected machines to speed propagation. This makes detection and removal a particular challenge for anti-virus software vendors, because new signature files for each variant need to be issued to allow their software to detect them.

<span class="mw-page-title-main">Storm Worm</span> Backdoor Trojan horse found in Windows

The Storm Worm is a phishing backdoor Trojan horse that affects computers using Microsoft operating systems, discovered on January 17, 2007. The worm is also known as:

<span class="mw-page-title-main">Mylife (computer worm)</span> Computer worm

MyLife, discovered by MessageLabs in 2002, is a computer worm that spreads itself by sending email to the addresses found in Microsoft Outlook's contacts list. Written in Visual Basic, it displays an image of a girl holding a flower while it attempts to delete files with certain filename extensions. It is named for a phrase appearing in the subject lines of the emails it sends. A variant, MyLife.B, also called the Bill Clinton worm, instead uses a subject line "bill caricature" and displays a cartoon image of Bill Clinton playing a saxophone. Many additional variants have been reported. When the infected file is run, and the picture is closed, the worm runs its payload. MyLife checks the current date. If the minute value is higher or at 45, the worm searches the C:\ directory and deletes .SYS files, .COM files and the same in D:\ Drives.

Koobface is a network worm that attacks Microsoft Windows, Mac OS X, and Linux platforms. This worm originally targeted users of networking websites such as Facebook, Skype, Yahoo Messenger, and email websites such as GMail, Yahoo Mail, and AOL Mail. It also targets other networking websites, such as MySpace, Twitter, and it can infect other devices on the same local network. Technical support scammers also fraudulently claim to their intended victims that they have a Koobface infection on their computer by using fake popups and using built-in Windows programs.

<span class="mw-page-title-main">Conficker</span> Computer worm

Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows OS software and dictionary attacks on administrator passwords to propagate while forming a botnet, and has been unusually difficult to counter because of its combined use of many advanced malware techniques. The Conficker worm infected millions of computers including government, business and home computers in over 190 countries, making it the largest known computer worm infection since the 2003 SQL Slammer worm.

The Pikachu virus, also referred to as Pokey or the Pokémon virus, was a computer worm believed to be the first malware geared at children, due to its incorporation of Pikachu, a creature from the Pokémon media franchise. It was considered similar to the Love Bug, albeit slower in its spread and less dangerous.

<span class="mw-page-title-main">Gruel (computer worm)</span> 2003 computer worm

Gruel, also referred to by F-Secure as Fakerr, was a worm first surfacing in 2003 targeting Microsoft Windows platforms such as Windows 9x, Windows ME, Windows 2000 and Windows XP. It spread via email and file sharing networks.

References

  1. "Virus'". ecsis.ecsis.net. CTRL+F search term "Badtrans". Retrieved 2024-02-02.
  2. "Badtrans - The Virus Encyclopedia". virus.wikidot.com. Retrieved 2024-02-02.
  3. admin-ectnews (2004-03-26). "Bagle.U Worm Spreads Despite Simplicity". TechNewsWorld. Retrieved 2024-02-02.
  4. "Minnesota Man Sentenced to 18 Months in Prison for Creating and Unleashing a Variant of the MS Blaster Computer Worm (January 28, 2005)". www.justice.gov. Retrieved 2024-02-03.
  5. "Blaster - The Virus Encyclopedia". virus.wikidot.com. Retrieved 2024-02-03.
  6. Leyden, John. "Clinton worm variant makes fun of Sharon". www.theregister.com. Retrieved 2024-02-04.
  7. 1 2 "Navidad - The Virus Encyclopedia". virus.wikidot.com. Retrieved 2024-02-02.
  8. Stan, Michael (December 1, 2000). "The "W32.Navidad@M" Worm". giac.org. Archived from the original on February 2, 2024. Retrieved February 2, 2024. Alt URL
  9. staff, CBSNews com staff CBSNews com (2000-11-10). "A Not-So-Feliz 'Navidad' - CBS News". www.cbsnews.com. Retrieved 2024-02-04.
  10. "W32.Alcra.F". Symantec. Archived from the original on August 26, 2006. Retrieved 20 October 2016.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.