Most Destructive Malware of All Time

By Lauren Sporck, associate, OPSWAT

All malware is inherently dangerous, but there are a few threats that stand out amongst the others when it comes to inflicting damage. We took a look at some of the most destructive malware of all time from traditional viruses, worms and Trojans to increasingly prevalent PUAs such as adware and spyware. This list, while covering most of the all-time worst threats, is not inclusive. For example, notable threats are not on this list such as the ILOVEYOU bug, although they also rank as highly destructive. How many of these threats do you remember?

1. My Doom Worm – 2004

The My Doom worm, known as one of the fastest spreading viruses in history, passes both the ILOVEYOU bug and SoBig worm in speed. It was transmitted via email and usually contained a variety of subject lines including, “Error”, “Mail Delivery System”, “Test” or “Mail Transaction Failed”. Though its creator still remains unknown, some speculate that it originated in Russia. The worm was first discovered and named by an employee at McAfee for the line, “mydom” that appeared in its code.

2. Superfish Adware – 2014

Superfish adware made its claim to fame through a class action lawsuit filed against Lenovo, the largest maker of PCs in the world. Superfish spyware came pre-installed on Lenovo machines without Lenovo customers being told of its existence. Superfish installed its own root certificate authority which allowed it to void SSL/TLS connections, creating an opening or “hole” for attackers. This exposed Lenovo users to potential cyber criminals while providing Superfish and Lenovo with a way to target unsuspecting users with tailored advertisements.

3. Code Red Worm – 2001

Code Red was a computer worm that affected almost 360,000 computers by targeting PCs that were running Microsoft’s IIS web server. The worm was first discovered by two eEye Digital Security employees and was named for the Code Red Mountain Dew they were drinking when they discovered it. The worm targeted a vulnerability in Microsoft’s IIS web server using a type of security software vulnerability called a buffer overflow.

4. Slammer Worm – 2003

In January of 2003, the Slammer worm struck 75,000 users with a DoS attack. The worm targeted a vulnerability found in Microsoft SQL and spread rapidly. Denial-of-service attacks are used by malware writers to overload a companies’ network with meaningless traffic, eventually causing the network to crash. Owen Maresh of Akamai is credited with being the first person to discover the destructive worm from Akamai’s Network Operations Control Center. At its height, the Slammer Worm sent 55 million database requests across the globe and is said to have spread within just 15 minutes, surpassing the speed of the Code Red Worm from 2001.

5. SoBig.F Worm – 2003

The SoBig.F Worm was a piece of malware that appeared only a few weeks before the Slammer worm mentioned above. The SoBig.F worm entered a device via email, which if opened could search the infected computer for additional email addresses, then sending messages to those aliases. The worm caused $37.1 Billion in damages and is credited with bringing down freight and computer traffic in Washington D.C, as well as Air Canada. Email subject lines used to entice users included, “Your details, Thank you!, “Re: Details, Re”, “Re: My details”, as well as various others. The speed at which the worm spread is said to surpass that of the ILOVEYOU virus and Anna Kournikova worm, both of which also spread via email. The worm’s creator still remains unknown.

6. CIH Virus – 1998

The CIH virus, also known as the “Chernobyl virus”, was named after the explosion of the nuclear plant in Russia because it was written to execute on the anniversary of the explosion. The virus worked by wiping data from the hard drives of infected devices and overwriting the BIOS chip within the computer, which rendered the device unusable. BIOS chips, originally manufactured by IBM for PCs, are a type of firmware used when a device is booted or turned on. This virus caused tremendous damage because the BIOS chip was not removable on many PCs, requiring the user to replace the entire motherboard. The virus was created by a student at the Taipei Tatung Institute of Technology, named Chen Ing Hau. Although the virus caused millions of dollars in damages, Chen was never imprisoned or fined and actually got a job at a software company through his resulting infamous creation.

7. Stuxnet Worm – 2010

The Stuxnet Worm entered devices through infected USB drives and thus had to be manually inserted into a device in order to spread. The dangerous thing about this particular virus, is that internet connectivity was not needed for it to spread, making it particularly fatal for critical infrastructure plants. Once on a device, the worm would then run a check to see if the infected device had access to industrial control systems. If it did, the worm would then take control of plant centrifuges, causing them to eventually fail. The main victims of Stuxnet’s payload were Iranian nuclear plants and a uranium enrichment plant. Although not verified, some believe that the United States and Israel were responsible for the creation of the worm, in order to hamper Iranian nuclear development.

8. Melissa Worm – 1999

The Melissa worm was a macro virus that caused millions of dollars in damages to infected PCs. The virus spread via email and was supposedly created by David L. Smith, who named the virus after an exotic dancer from Florida. The virus used an enticing subject line to get its victims to open it. Once the email was opened, the virus was able to replicate and send to an additional 50 email addresses accessed through the originally infected computer.

9. Cryptolocker Trojan – 2013

The Cryptolocker Trojan is ransomware that encrypts its victim’s hard drives and then demands a payment. When the ransom message appears on the victim’s computer, they are given a time limit in which they must pay the ransom in order to unlock their files. The Trojan enters a user’s system through an email, which is disguised to be from a logistics company. Within the email, there is an attached zip file which contains a PDF that the users must enter a provided password to open. Once opened, the Trojan begins its attack on the victim’s computer. By posing as a legit company, the ransomware uses social engineering to trick the user into performing the required actions.

10. ZeroAccess Botnet – 2013

Known as one of the largest botnets in history, ZeroAccess affected over 1.9 million computers, using them to earn revenue through bitcoin mining and click fraud. Botnets involve a group of computers, also known as zombies, which are controlled by malicious software and used to send SPAM emails or launch HTML attacks, the first of which was utilized by the ZeroAccess Botnet. These controls are orchestrated by the BotMaster or the command center of the botnet. SPAM emails sent often contain malware that is then used to infect more computers.