The 10 Most Famous Computer Viruses

Throughout the history of computing, few threats have captured global attention quite like computer viruses. These malicious programs, often spreading silently and swiftly, have disrupted critical infrastructure, stolen sensitive information, and caused untold financial damage. While some viruses were created as experiments or pranks, others were designed with far more sinister intent—highlighting the vulnerabilities in our increasingly connected digital world. In this feature, we delve into the 10 most famous computer viruses of all time. Iconic names that have become synonymous with cyber chaos. From the early days of email worms to the rise of state-sponsored cyber weapons, these digital plagues have left a lasting legacy and serve as powerful reminders of the importance of cybersecurity in the modern age.

1. ILOVEYOU

The ILOVEYOU virus, unleashed on May 4, 2000, stands as one of the most devastating computer viruses ever, infecting millions of systems worldwide within hours. Disguised as a love letter sent via email, it exploited vulnerabilities in Microsoft Outlook and Windows to spread rapidly, requiring no further user interaction. Once opened, the virus propagated by sending copies of itself to all contacts in the victim’s address book, causing massive disruptions across governments and corporations. With estimated damages between $3 billion and $15 billion, ILOVEYOU not only exposed serious cybersecurity flaws but also led to global changes in digital defense strategies, increased public awareness, and legal reforms in the Philippines, where it originated—ultimately marking a pivotal moment in the evolution of cybersecurity.

2. CryptoLocker

First detected in September 2013, Cryptolocker quickly gained notoriety as one of the most sophisticated and damaging forms of ransomware. This malware encrypts victims’ files with virtually unbreakable encryption and demands a ransom—often several hundred dollars—for decryption. Its creators have profited significantly, with estimates suggesting earnings exceeding $1 million within months of its release. Cryptolocker spreads rapidly and indiscriminately, impacting businesses, individuals, and even law enforcement agencies, including a Massachusetts police department that paid $750 to recover its files. Classified under names like Trojan.Ransom and Win32/Crilock.A, the malware’s rapid propagation—over 12,000 systems in a single week—makes it a major concern for IT professionals and managed service providers, highlighting the urgent need for strong cybersecurity defenses.

3. MyDoom

MyDoom, also known as “Novarg,” is a highly destructive computer worm that first appeared in January 2004 and quickly became one of the fastest-spreading malware threats in history. Propagating primarily through email attachments, it exploited human curiosity to activate its payload, which included a backdoor that allowed cybercriminals remote access to infected systems. This access enabled data theft, remote control, and the creation of botnets used for large-scale distributed denial-of-service (DDoS) attacks. Infecting millions of machines and causing billions in damages, MyDoom highlighted the critical importance of strong email security, user education, and multi-layered cybersecurity defenses to prevent similar future threats.

4. Storm Worm

Unleashed on January 19, 2007, the Storm Worm quickly became one of the most powerful and complex malware threats ever seen, forming a massive botnet that infected over a million Windows-based computers, primarily in Europe and the U.S. Combining the traits of a Trojan horse, bot, and worm, Storm used advanced tactics like polymorphic code—changing its signature every 10 to 30 minutes—to evade detection. It spread through deceptive emails and links, quietly installing components that enabled remote control, data theft, spam distribution, and large-scale DDoS attacks, including one that temporarily crippled Estonia’s internet. With a peer-to-peer command structure and long periods of dormancy, Storm demonstrated a level of adaptability and resilience that challenged even the most advanced cybersecurity defenses of its time.

5. Sasser & Netsky

Discovered on April 30, 2004, Sasser was a fast-spreading computer worm that exploited a vulnerability in the LSASS (Local Security Authority Subsystem Service) component of Windows XP and Windows 2000, allowing it to infect systems without any user action. By targeting TCP port 445 and sometimes port 139, Sasser scanned and attacked systems over the internet, causing frequent crashes and automatic shutdowns. Although a patch for the flaw had been released 17 days earlier, many systems remained unprotected, leading to widespread disruption. Major organizations—including Delta Air Lines, the British Coastguard, and the European Commission—suffered severe operational issues. The worm was traced to 18-year-old German student Sven Jaschan, who was arrested after a tip-off motivated by a $250,000 Microsoft bounty. Jaschan was later found guilty and received a suspended sentence, having also authored variants of both Sasser and the Netsky worm. Sasser’s impact highlighted the critical need for timely system updates and effective network security.

Netsky is a widespread family of computer worms targeting Microsoft Windows, first appearing in February 2004, with the “B” variant becoming the first to achieve mass distribution. Created by 18-year-old German student Sven Jaschan—also the author of the Sasser worm—Netsky variants were known not only for spreading via email attachments and harvesting addresses to self-propagate, but also for containing messages mocking the authors of rival worm families like Bagle and Mydoom. This sparked a so-called “virus war” that fueled the rapid creation of new variants across all three families. Some versions of Netsky even removed competing malware from infected systems, and others triggered beeping sounds on certain dates. The Netsky.P variant remained the most prevalent email-distributed virus globally until late 2006. Interestingly, the worm also inspired Belgian drum and bass artist Netsky to adopt its name, referencing the virus’s notoriety.

6. Anna Kournikova Virus

The Anna Kournikova worm, created by 20-year-old Dutch programmer Jan de Wit on February 11, 2001, was a Visual Basic Script-based computer worm that spread through Microsoft Outlook by disguising itself as a photo of tennis star Anna Kournikova. The email, with the subject line “Here you have, ;0)” and attachment “AnnaKournikova.jpg.vbs,” tricked users into launching the worm, which then forwarded itself to all contacts in the user’s address book. Although it did not damage data, the worm spread rapidly and caused an estimated $166,000 in disruption. De Wit used a readily available worm generator to create the virus and later turned himself in after realizing the impact of his actions. He was sentenced to 150 hours of community service or 75 days in jail, and despite the incident, was even reportedly offered a job by the mayor of his hometown due to his programming skills.

7. Slammer

The SQL Slammer worm, which emerged in January 2003, was a fast-spreading computer virus that exploited a buffer overflow vulnerability in Microsoft SQL Server 2000, causing widespread internet disruption and denial-of-service (DDoS) attacks. Despite not using SQL language itself, the worm infected over 75,000 systems within 10 minutes by sending itself to random IP addresses via UDP port 1434. It resided only in memory, without creating or modifying system files, and generated massive amounts of network traffic that overwhelmed servers and slowed down internet performance. Based on proof-of-concept code from security researcher David Litchfield, SQL Slammer highlighted the dangers of unpatched software. Preventive measures include keeping systems updated, using robust antivirus tools, and regularly backing up data to minimize potential damage.

8. Stuxnet

Stuxnet is a groundbreaking computer worm first discovered in 2010, designed to sabotage Iran’s nuclear facilities by targeting programmable logic controllers (PLCs) that automate machinery, causing centrifuges to self-destruct while sending false feedback to operators. Believed to have been created by U.S. and Israeli intelligence agencies, it spread via USB sticks and Windows systems, later inspiring a family of related malware attacks targeting critical infrastructure worldwide, such as power plants, water treatment facilities, and petrochemical plants. These “Stuxnet descendants” include Duqu, Flame, Havex, Industroyer, and Triton, which focus on espionage or disruption of industrial processes, raising serious concerns about cyber threats to vital sectors. Protecting industrial networks from such sophisticated malware involves strong IT security practices, including network segmentation, regular updates, strict USB usage policies, application whitelisting, physical security, and thorough employee training alongside incident response planning.

9. Code Red

The Code Red worm, discovered in July 2001 by researchers Marc Maiffret and Ryan Permeh, exploited a buffer overflow vulnerability in Microsoft’s Internet Information Server (IIS) to spread rapidly, infecting over 359,000 hosts and causing billions of dollars in damage. It operated entirely in memory, making detection difficult, and propagated by scanning for vulnerable IIS servers, launching denial-of-service attacks—most notably against the White House website—and pausing its activity monthly. Variants like Code Red II introduced backdoors for remote control, while others like Codeblue and Codegreen exploited additional vulnerabilities or acted as anti-worms. Preventing infection required timely Windows security patches, updated antivirus and firewall protections, and strong system management practices. Code Red highlighted the critical need for proactive patching and vigilant security policies, serving as a cautionary example for administrators and users alike.

10. Conflicker

Conficker, a Windows-targeting worm discovered in November 2008, initially spread by exploiting a vulnerability in Windows Server Service. Later variants expanded its propagation methods to include spreading through weakly protected Windows file shares and USB autorun features, with more advanced versions using peer-to-peer communication and installing additional malware like the Waledac spambot and fake antivirus programs. At its peak in early 2009, Conficker infected an estimated 9 to 15 million machines and still affected millions years later. A coalition called the Conficker Working Group, including Microsoft and other security firms, worked to disrupt its command and control servers, limiting its impact, while Microsoft offers a $250,000 reward for information leading to the worm’s creators.

Protect your digital world with Malwarebytes Premium Security Protection

Premium device protection for you and your family. Malwarebytes Premium Security prevents threats in real-time, stops ransomware, defends against harmful sites, and cleans and removes malware.

AI-powered, superior security
- Halt hackers by shielding your device from viruses, ransomware, Trojans, botnets, spyware, and more.
Robust scam protection
- Shut down robocalls, scam texts, phishing attempts, and dangerous decoy websites.
Lightweight and intuitive
- Secure your device without compromising speed. Boost browsing by up to 4x. All with our easy-to-use dashboard.
Download Malwarebytes Premium