When computers work well, life becomes easier and more connected. However, as much as the industry has flourished in the last few decades, computers still break down—and more often than not, that is because of viruses. New viruses emerge regularly, coinciding with the global rise in cyberattacks and other threats. While some viruses can cost consumers millions of dollars and cause permanent damage to networks, others don’t cause as many problems anymore because of advances in computer architecture and software development.
But what is a computer virus, exactly? And what are the best antivirus programs for computers? The following sections will address these questions and more. Readers will also learn about the additional benefits of using security applications on any device that can connect to the internet.
Mydoom is generally considered to be one of the worst computer viruses of all time, causing close to $40 billion worth of damage in 2004, according to some estimates. Adjusting for inflation would take that figure higher.
Mydoom was also known as Novarg in the beginning. Technically, though, Mydoom was more of a worm rather than a computer virus. Hackers infected messages with the Mydoom virus and then sent the messages to millions of users. Some reports mention that at Mydoom’s peak, one in every four email messages sent had been infected with the virus.
The working principle behind Mydoom was simple enough as well. The virus first infected user devices and then extracted email addresses from the victim’s contact lists. Once the list was obtained, the Mydoom virus moved to send copies to everyone on the contact list. After infecting the devices of those contacts, the virus continued the process on the next group of devices. Mydoom was also able to enlist infected machines into a botnet (a giant web of infected devices). When enough computing devices became part of the botnet, hackers launched more advanced attacks such as distributed denial-of-service attacks. So in effect, the Mydoom virus didn’t just infect via email but also helped to launch cyber attacks that shut down internet services and apps. The Mydoom virus (or worm) is still not completely gone. Cybersecurity experts estimate that 1% of all phishing emails contain Mydoom. By that account, close to 30 million phishing emails sent each day carry the virus.
Sobig was another computer virus that caused massive damage to internet infrastructure. By some estimates, the Sobig computer virus caused damage in excess of $37 billion while infecting over 2 million computing devices. Unlike the usual computer viruses at the time, Sobig acted not only as a worm (meaning fast self-replication) but also as a Trojan (which means advanced stealth abilities). Similar to most computer viruses (and malware in general), the Sobig virus spread via infected email messages. Most of the emails that were sent (along with Sobig) had catchy (but malicious headlines such as “Re: Details” and “Your Details,” along with other variations.
Hackers behind the Sobig virus had built up an infrastructure so big and efficient that millions of emails were sent to unsuspecting users throughout the world. At one point, Sobig brought down a major portion of network traffic in Washington, D.C. The worm also forced Air Canada to ground flights and brought computer systems belonging to corporations down to a halt. Sobig affected computer networks in the U.S., Europe, Asia, Canada and the U.K. Hackers also managed to evolve Sobig into more effective versions, such as Sobig.A and Sobig.F.
Some consider Klez to be one of the most destructive computer viruses. The virus’s creator wrote the code in Microsoft Visual C++. Klez was particularly damaging to most computer networks because of advanced stealth capabilities. Around 2001, common security applications such as antivirus software and anti-spyware could not detect Klez, making infecting many machines easier for the original Klez worm and all the variants that came after.
Similar to other computer viruses at the time, Klez infected email messages first and then found a way to the victim’s computer system. Once on a given computer system, Klez moved to replicate, spread, steal the victim’s contacts list and then send an email message (along with Klez, of course) to all the contacts for rapid infection. Later variations of Klez gained the ability to carry additional harmful programs that essentially shut down the infected devices.
Klez could not only act as a standard computer virus but also as a worm and a Trojan sample. At Klez’s peak, the virus could disable security applications, virus scans and virus removal tools. The later versions of Klez were probably the first computer viruses that could steal targets’ address books and exploit contact lists. For example, Klez could compose an email with a name copied from the address book and then send the infected message to other contacts. Today, this technique is known as email spoofing. In email spoofing, an infected email may appear to come from a known source, but the real source doesn’t appear in front of the “From” field.
Modifications such as those mentioned above made Klez particularly troublesome as the virus became very efficient at sending spam, getting around various blocking tools and clogging email inboxes quickly. Since Klez made knowing the source of the spam email messages hard, individual users and email programs could not effectively ignore or block spam messages. Moreover, since Klez was able to launch email spoofing attacks, internet users were more likely to open spam messages (as the “From” field had a name from the “Contacts” list).
The ILOVEYOU computer virus is one of the most popular computer viruses of all time, continuing the series of potent computer viruses that came before and wreaked havoc worldwide. ILOVEYOU is considered to have originated in the Philippines from a developer named Ondel De Guzman, who created the virus to steal credentials and access premium content. Like other computer viruses on this list, the ILOVEYOU virus could also act as a worm. As a standalone program, ILOVEYOU could easily replicate quickly once on a given system.
ILOVEYOU primarily spread through email messages, like many existing computer viruses. The infected messages appeared in the user’s email inbox as love letters, all with ILOVEYOU as an attachment. Users who made the mistake of opening the attachment without proper precautions would allow the virus to infect the system and create several problems. As is the case with any computer virus that acts as a worm, ILOVEYOU quickly made several copies of itself and then hid all the files that contained the virus. Moreover, the ILOVEYOU virus replaced genuine files with the copies made earlier. That would make the infected system more unstable because of missing files (as some got replaced by the copies). This way, the ILOVEYOU virus kept replicating to create even bigger problems, such as the system slowing down or getting locked.
WannaCry is arguably the biggest modern computer virus that managed to escape even the best antivirus solutions. WannaCry initially appeared in 2017 and quickly morphed into ransomware. Ransomware is just like an ordinary virus, but instead of stealing data or slowing down the infected device, ransomware locks down the target machine, encrypts the data and then holds the data hostage. The owner of the infected device has to pay a predetermined ransom amount before the files are unlocked, and the machine is made operable again.
Despite significant developments in the field of cybersecurity and software development, the WannaCry ransomware managed to infect computers in more than 150 countries. Individual users have always suffered at the hands of new computer viruses, but WannaCry also caused government organizations, hospitals and corporations massive damages from lost productivity and other costs. Moreover, the organizations and individuals who didn’t pay the ransom had to rebuild all the affected systems from zero, further increasing losses.
The Zeus computer virus could be most accurately classified as a Trojan. Zeus infected computers running the Windows operating system and then used the infected devices to engage in further criminal activities. Mostly, Zeus used hacking techniques such as form grabbing and man-in-the-browser keylogging to steal credentials and cause financial/personal losses. As always, the Zeus computer virus only infected machines via phishing links and drive-by downloads.
Zeus was first discovered by cybersecurity researchers in early 2009, and over the years, the virus managed to infect thousands of computers. Since security applications still had not developed to contain every new threat, Zeus could infect not just individual computers but also FTP accounts and networks belonging to banks, technology companies and other big corporations. Hackers actually launched the Zeus virus along with a botnet that was used to quickly steal sensitive information from bank accounts, emails and social media accounts.
In total, Zeus managed to infect close to a million computers in the U.S. alone. Zeus likely had the biggest network of criminals working together to generate revenue. The virus campaign involved not just hackers who developed the virus but also people who could move money anonymously. For transferring cash across the continent into Europe, hackers had another team. One operation managed to steal over $70 million over a short period. When law enforcement agents busted the ring, over 100 people went to jail. The overall damage caused by the Zeus virus is estimated to be between $3 billion to $4 billion.
7. Code Red
Code Red is a member of a long line of computer viruses that acts as a worm. This virus mainly infected machines with Windows 2000 and Windows NT running, exploiting a security vulnerability most readily available in these operating systems. More specifically, Code Red targeted devices that ran the Microsoft IIS web server, which had a buffer overflow issue at the time. Once Code Red infected a device running Windows NT or 2000, the virus would coerce the hardware to take new instructions from the worm and overwrite the memory. Once the infected device accepted the new malicious instructions, everything would either crash or hackers would use the now-compromised device to launch cyberattacks on organizations’ websites. Similar to any standard worm, Code Red was able to make copies of the original virus quickly. Unlike some of the other viruses previously mentioned, Code Red didn’t try to hide the fact that the device in question was infected. Instead, Code Red left a message on local server pages that said, “Hacked by Chinese.”
Code Red was first discovered in 2001 by two researchers working for a security software company called eEye Digital Security. The researchers were drinking Code Red Mountain Dew at the time of the discovery, hence the name.
In total, Code Red caused damages amounting to $2.6 million and infected close to a million computers.
The SQL Slammer virus, also known as Sapphire, was launched in 2003. Given the limited infrastructure of the internet in 2003, the computer virus took less than 30 minutes to infect a major portion of servers that formed the backbone of the internet. As a result of the Slammer infection, internet bandwidth became restricted worldwide, which also caused a massive slowdown. Slammer managed to crash the ATM Service offered by Bank of America, various 911 services and airlines (which had to cancel flights).
Unlike some of the computer viruses mentioned so far, Slammer didn’t need a user to open an infected email to compromise a device. Instead, the computer virus ran a fake version of SQL Server 2000, a database package from Microsoft, and installed itself on the device. Slammer concentrated more on servers rather than individual users. Hence, the most vulnerable targets were system administrators and the related machines. Once a computer was infected, Slammer started to generate massive amounts of network packets. Over time, the packets overloaded network servers and routers and thus slowed down communications and caused damage.
The most affected country was South Korea, where almost the entire population could not access the internet for some time. In terms of damages, estimates have Slammer causing at least $1 billion worth of productivity loss.
Note: Eventually, though, security patches allowed servers to better prepare for Slammer and antivirus applications started to block the virus.
CryptoLocker is one of the more recent computer viruses that took advantage of some of the latest attack techniques. CryptoLocker represented a new class of cyber threat called ransomware, which essentially locks all the files on the target system and takes the data hostage.
The CryptoLocker computer virus first gained attention in 2013. Once on a system, CryptoLocker encrypted all the important files and displayed a red ransom note to the owner of the device. The note informed the owners of the technology used to lock up all the sensitive data and showed the victims a method to send payments to specific accounts to get the encrypted data back.
Like most viruses, the CryptoLocker ransomware mainly spread via malicious email attachments. After encrypting a device’s files and preventing the owner from accessing any data, hackers only sent the decryption key once the owner sent a fixed amount of money. The amount of money varied depending on the importance of the encrypted data and thus could be anywhere from $100 to thousands of dollars. If users or organizations decided not to pay the ransom, hackers would get rid of the data for good. The interesting bit about CryptoLocker is how hackers used a two-staged process to attack vulnerable devices and encrypt data. Essentially, hackers first created a botnet called Gameover Zeus, which was then used to send millions of CryptoLocker virus copies.
CryptoLocker affected around 250,000 computing devices. By some estimates, the total damage caused by CryptoLocker amounted to $660 million. A year after the ransomware first appeared, law enforcement agencies caught the leader of the group that developed CryptoLocker.
The Sasser and Netsky viruses came on the scene in 2004. The developer is considered to be Sven Jaschan, who was a 17-year-old teenager living in Germany. In the beginning, cybersecurity researchers had a hard time recognizing that the two viruses had a common developer. Instead, the idea was that both Sasser and Netsky used similar code to infect devices and cause damage.
Note: In most cases, Sasser would look for vulnerable computer systems via IP address scanning. After picking candidates, Sasser would instruct target devices to download a file that contained the virus. Sasser was dangerous because the virus could make modifications to the operating system, allowing the virus to block the default methods of shutting down the computer. The only way to shut down the infected machine was to unplug the power cord.
In terms of the working principle, Sasser targeted the then-somewhat common LSASS (Local Security Authority System Service) overflow vulnerability. The service, as the name suggests, manages any local account’s security policy. Once modified, Sasser crashed accounts and thus the computer. Sasser also had the ability to propagate quickly using the available sources and even infect other devices on the same network.
Similar to Slammer, Sasser gained traction very quickly and infected close to 1.5 million computers within two days of release. The virus affected rail services in Australia (leading to many canceled flights) and banks (over 130 branches) in Finland.
Like almost all other computer viruses, old and new, Sasser began the process of infecting devices by attaching a copy to an email. If the user opened the email and clicked on the attachment, Sasser infected the device. Once infected, Sasser would move to send the same malicious email (along with the attachment) to all the contacts of the current victim. The Sasser program repeated the process for each infected machine. Sasser/Netsky kept on infecting machines even through 2004 and caused damages amounting to $1–$2 billion.
Source: Security Gladiators