| Name | Alias(es) | Type | Subtype | Isolation date | Origin | Author | Functions and notes |
|---|
| Badtrans | Badtrans.29020, Badtrans.B, Badtrans.A, I-Worm.BadtransII, Badtrans.gen | Mass mailer | Trojan | November 24, 2001 [1] | Poland [2] | Unknown | Installed a keylogger; distributed logged information (such as passwords, usernames, etc.) to one of 22 emails. |
| Bagle | Beagle, Mitglieder, Lodeight, Trojan.DL.Bagle | Mass mailer | Trojan | January 18, 2004 | Unknown | Unknown | Spread by email; certain variants had no subject and no text. [3] Allowed attacker to access computers that were infected. |
| Blaster | Lovesan, MSBLAST | Mass DoS attacks | Logic bomb (payload set to activate August 15) | August 11, 2003 | Hopkins, Minnesota | Jeffrey Lee Parson [4] | Widespread DDoS attacks targeted toward Bill Gates; contained message "billy gates why do you make this possible ? Stop making money and fix your software!!"[sic]. Caused over US$300,000,000 in damages, mostly to American infrastructure. [5] |
| Brontok | W32.Rontokbro@mm, BackDoor.Generic.1138, Worm.Mytob.GH | | | October 3, 2005 | Indonesia | | Spread through an Indonesian e-mail headed with "stop the collapse in this country"; destroys firewalls. |
| BuluBebek | W32/VBWorm.QXE | | | October 10, 2008 | | | |
| Code Red | | DoS payload, Defacement payload | | July 2001 | | | Exploited Microsoft Internet Information Services to deface web pages and DOS a few set IPs. |
| Code Red II | | | | August 4, 2001 | | | Exploited Microsoft Internet Information Server security holes. |
| Conficker | Downup, Downadup, Kido | | | November 21, 2008 | | | |
| Daprosy Worm | Worm.Win32.VB.arz, W32.Autorun.worm.h, W32/Autorun-AMS, Worm:Win32/Autorun.UD | Trojan | Mass mailer | July 15, 2009 | | | Replaces folders with .EXE's, key logger, slow mass mailer. |
| Dabber | W32/Dabber-C, W32/Dabber.A | | | May 14, 2004 | | | |
| Doomjuice | | | | February 11, 2004 | | | Attack computers that had previously been infected by the Mydoom worm. |
| ExploreZip | I-Worm.ZippedFiles | | | June 6, 1999 | | | Spread through zipped documents in a spam e-mail. |
| Father Christmas | HI.COM | | | December 1988 | | | |
| Hybris | Snow White, Full Moon, Vecna.22528 | | | December 11, 2000 | Brazil | Vecna | Spread through an e-mail from "haha@sexyfun.net". |
| ILOVEYOU | Loveletter, LoveBug | Worm | | May 4, 2000 | Manila, Philippines | | |
| Kak worm | | | | October 22, 1999 | | | On the first day of any month, if the time was after 5 pm, Kak displayed a popup message box that read: "Driver Memory Error - Kagou-Anti-Kro$oft says not today !" Dismissing it would reboot the computer and then display the message again. |
| Klez | | | | October 2001 | | | |
| Koobface | | | | December 2008 | | | Targeted MySpace and Facebook users with a heading of "Happy Holidays". |
| Leap-A | Oompa-Loompa | Trojan worm | | February 14, 2006 | | | Most known for being the first virus targeting Mac computers. |
| Morris | | | | November 2, 1988 | | Robert Tappan Morris | Widely considered to be the first computer worm. Although created for academic purposes, the negligence of the author unintentionally caused the worm to act as a denial of service attack. It spread by exploiting known vulnerabilities in UNIX-based systems, cracked weak passwords, and periodically altered its process ID to avoid detection by system operators. |
| Mydoom | W32.MyDoom@mm, Novarg, Mimail.R, Shimgapi | | | January 26, 2004 | | | Fastest-spreading e-mail worm known; used to attack SCO Group |
| Mylife | W32.MyLife.C@mm | Mass mailer | Trojan (some variants) | April 2, 2002 | | | Mass deletes files on infected computers. Certain variants show a caricature of U.S. President Bill Clinton. [6] |
| Navidad [7] | Emmanuel, W32.Wachit | Mass mailer | Trojan | December 1, 2000 [8] | South America | Unknown | Email appears to be in reply to someone the target has messages prior. [7] Messages created by the virus are written entirely in Spanish. [9] |
| Netsky | | | | February 18, 2004 | Germany | Sven Jaschan | |
| Nimda | | | | September 2001 | | | Originally suspected to be connected to Al Qaeda because of release date; uses multiple infection vectors. |
| Psyb0t | Network Bluepill | | | January 2009 | | | |
| Sadmind | | | | May 8, 2001 | | | |
| Sasser | Big One | | | April 30, 2004 | | Sven Jaschan | Network worm. At startup, it kills the process lsass.exe, a windows process which handles file permissions. Killing lsass causes the computer to reboot one minute later, which would cause sasser to run again. This would continue in an infinite loop until the computer is shut down manually. |
| Sircam | | | | | | | Spread through e-mail with text like "I send you this file in order to have your advice." |
| Sober | CME-681, WORM_SOBER.AG | | | October 24, 2003 | Germany, possibly from National Democratic Party of Germany | | Was disguised as e-mail from United States government. |
| Sobig | | | | August 2003 | | | |
| SQL Slammer | DDOS.SQLP1434.A, the Sapphire Worm, SQL_HEL, W32/SQLSlammer | | | | | | Caused global Internet slowdown. |
| Stuxnet | Win32/Stuxnet | | | June 2010 | | | First malware to attack SCADA systems. |
| Swen | | | | September 18, 2003 | | | |
| Toxbot | | | | 2005 | The Netherlands | | Opened up a backdoor to allow command and control over the IRC network. |
| Upering | Annoyer.B, Sany | | | July 22, 2003 | | | |
| Voyager | Voyager | Worm | | October 31, 2005 | | | Targets Operating System running Oracle Databases. |
| W32.Alcra.F | Win32/Alcan.I | Worm | | February 17, 2006 | | | Propagated through file-share networks. [10] |
| W32/Bolgimo.worm | | | | | | | |
| W32/IRCbot.worm | W32/Checkout, W32.Mubla, W32/IRCBot-WB, and Backdoor.Win32.IRCBot.aaq | Trojan Worm | Backdoor | June 1, 2007 | | | It provides a backdoor server and allows a remote intruder to gain access and control over the computer via an IRC channel. |
| WANK | OILZ | | | October 1989 | | | Spread a pacifist, anti-nuclear political message. |
| Welchia | Nachia, Nachi | | | | | | A helpful worm meant to install security patches and removes Blaster worm if the computer is infected by it. |
| Witty | | | | March 19, 2004 | | | Appeared very rapidly after announcement of Internet Security Systems vulnerability |
| Zotob | | | | | | Farid Essebar and Atilla Ekici | |
