Printer Friendly

Top 10 Worst Computer Worms of All Time

The Internet is an Internet lover's paradise, a gamer's haven, a business's lifeline, and a hacker's playground. Over the past two decades, hundreds of worms have devastated the infrastructure of millions of computers around the world, causing billions of dollars of damage-and the life of the worm is far from over. Let's take a look at the last 20 years to see which of these worms have stood out from among the rest.

Photo by Isaac Mao. Its name comes from the city in which it was first detected, the city of Jerusalem.

The worm, which infects DOS, increases the file size of all files run within DOS (with the exception of COMMAND.COM).

Jerusalem is a variant of the Suriv virus, which also deletes files at random periods during the year (April Fool's Day and/or Friday the 13th depending on the variant). The Jerusalem worm inspired a host of similar worms that grow by a specified file size when executed. Another variant, Frère, plays the song Frère Jacques on the 13th day of the month.

While Jerusalem and its relatives were quite common in their day, they became less of a threat when Windows was introduced.

9. Michelangelo

In 1991, thousands of machines running MS-DOS were hit by a new worm, one which was scheduled to be activated on the artist Michelangelo's birthday (March 6th). On that day, the virus would overwrite the hard disk or change the master boot record of infected hosts.

When the worm came to mainstream attention, mass hysteria reigned and millions of computers were believed to be at risk. After March 6th, however, it was realized that the damage was minimal. Only 10,000 to 20,000 cases of data loss were reported.

Ironically, however, because of the media hype, the period before March 6, 1992 became known as "Michelangelo Madness," with users buying anti-virus software in droves, some for the very first time. In a way, the "madness" led many people to prepare for the outbreak and helped minimize the actual damage caused by the worm.

Photo by TresspassersWill One of the newest worms to hit the Internet was the Storm Worm, which debuted in January of 2007. Its name came from a widely circulated email about the Kyrill and the computers that are part of the botnet are consistently being updated with the fast flux DNS technique. Consequently, it has been difficult for infected machines to be isolated and cleaned.

7. Sobig

In 2003, millions of computers were infected with the Sobig worm and its variants. The worm was disguised as a benign email. The attachment was often a *.pif or *.scr file that would infect any host if downloaded and executed. Sobig-infected hosts would then activate their own SMTP host, gathering email addresses and continually propagating through additional messages.

Sobig depended heavily on public websites to execute additional stages of the virus. Fortunately, in earlier cases, these sites were shut down after the discovery of the worm. Later, when Geocities was found to be the primary hosting point for Sobig variants, the worm would instead communicate with cable modems that were hacked that would later serve as another stage in the worm's execution.

Photo by Mot (Trivial File Transfer Protocol) server and downloaded code onto the infected host. Within several hours of its discovery, it had hit nearly 7,000 computers. Six months later, over 25 million hosts were known to be infected. The Windows Blaster Worm Removal Tool was finally launched by Microsoft in January of 2004 to remove traces of the worm.

Photo by malpractice for 20 months and fined $5,000.

4. Code Red

Friday the 13th was a bad day in July of 2001; it was the day Code Red was released. The worm took advantage of a buffer overflow vulnerability in Microsoft IIS servers and would self-replicate by exploiting the same vulnerability in other Microsoft IIS machines. Web servers infected by the Code Red worm would display the following message:
HELLO! Welcome to! Hacked By Chinese!
After 20 to 27 days, infected machines would attempt to launch a denial of service on many IP addresses, including the IP address of

Photo by star5112 service. The consequences were heavy: all web related files were appended with Javascript that allowed further propagation of the worm, users' drives were shared without their consent, and "Guest" user accounts with Administrator privileges were created and enabled.

A market research firm estimated that Nimda caused $530 million in damages after only one week of propagation.

Photo by eggrollboy.vbs, started a worm that spread like wildfire by accessing email addresses found in users' Outlook contact lists. Unsuspecting recipients, believing the email to be benign, would execute the document only to have most of their files overwritten.

Photo by MotorBoat4107 that include imprisonment for 6 months to 3 years and a fine of at least 100,000 pesos (USD $2000).

1. Morris Worm (also known as the Great Worm)

How big is the Internet, you ask? In 1988, Cornell University student named Robert Tappan Morris launched 99 lines of code in his quest for the answer. While his intentions were not malicious, there were bugs in his code that caused affected hosts to encounter a plethora of stability problems that effectively made these systems unusable. The result was increased load averages on over 6,000 UNIX machines across the country which caused between $10,000,000 and $100,000,000 of damage.

Copyright (c) 2007 Free Online Library
No portion of this article can be reproduced without the express written permission from the copyright holder.

Article Details
Printer friendly Cite/link Email Feedback
Geographic Code:1USA
Date:Nov 21, 2007

Related Articles
Criminal investigation secrets leak onto internet.
Data breach incidents: don't assume a breach has happened before an investigation has been done.
Electronic attackers: computer crimes keep government and industry on the defensive.
IBM report: stealthy, targeted online attacks continue to grow in 2007.

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters