List of computer worms

Name Alias(es) Type Subtype Isolation date Origin Author Functions and notes
Badtrans Badtrans.29020, Badtrans.B, Badtrans.A,

I-Worm.BadtransII, Badtrans.gen

Mass mailer Trojan November 24, 2001[1] Poland[2] Unknown Installed a keylogger; distributed logged information (such as passwords, usernames, etc.) to one of 22 emails.
Bagle Beagle, Mitglieder, Lodeight, Trojan.DL.Bagle Mass mailer Trojan January 18, 2004 Unknown Unknown Spread by email; certain variants had no subject and no text.[3] Allowed attacker to access computers that were infected.
Blaster Lovesan, MSBLAST Mass DoS attacks Logic bomb (payload set to activate August 15) August 11, 2003 Hopkins, Minnesota Jeffrey Lee Parson[4] Widespread DDoS attacks targeted toward Bill Gates; contained message "billy gates why do you make this

possible ? Stop making money and fix your software!!"[sic]. Caused over US$300,000,000 in damages, mostly to American infrastructure.[5]

Brontok W32.Rontokbro@mm, BackDoor.Generic.1138, Worm.Mytob.GH October 3, 2005 Indonesia Spread through an Indonesian e-mail headed with "stop the collapse in this country"; destroys firewalls.
BuluBebek W32/VBWorm.QXE October 10, 2008
Code Red DoS payload, Defacement payload July 2001 Exploited Microsoft Internet Information Services to deface web pages and DOS a few set IPs.
Code Red II August 4, 2001 Exploited Microsoft Internet Information Server security holes.
Conficker Downup, Downadup, Kido November 21, 2008
Daprosy Worm Worm.Win32.VB.arz, W32.Autorun.worm.h, W32/Autorun-AMS, Worm:Win32/Autorun.UD Trojan Mass mailer July 15, 2009 Replaces folders with .EXE's, key logger, slow mass mailer.
Dabber W32/Dabber-C, W32/Dabber.A May 14, 2004
Doomjuice February 11, 2004 Attack computers that had previously been infected by the Mydoom worm.
ExploreZip I-Worm.ZippedFiles June 6, 1999 Spread through zipped documents in a spam e-mail.
Father Christmas HI.COM December 1988
Hybris Snow White, Full Moon, Vecna.22528 December 11, 2000 Brazil Vecna Spread through an e-mail from "[email protected]".
ILOVEYOU Loveletter, LoveBug Worm May 4, 2000 Manila, Philippines
Kak worm October 22, 1999 On the first day of any month, if the time was after 5 pm, Kak displayed a popup message box that read: "Driver Memory Error - Kagou-Anti-Kro$oft says not today !" Dismissing it would reboot the computer and then display the message again.
Klez October 2001
Koobface December 2008 Targeted MySpace and Facebook users with a heading of "Happy Holidays".
Leap-A Oompa-Loompa Trojan worm February 14, 2006 Most known for being the first virus targeting Mac computers.
Morris November 2, 1988 Robert Tappan Morris Widely considered to be the first computer worm. Although created for academic purposes, the negligence of the author unintentionally caused the worm to act as a denial of service attack. It spread by exploiting known vulnerabilities in UNIX-based systems, cracked weak passwords, and periodically altered its process ID to avoid detection by system operators.
Mydoom W32.MyDoom@mm, Novarg, Mimail.R, Shimgapi January 26, 2004 Fastest-spreading e-mail worm known; used to attack SCO Group
Mylife W32.MyLife.C@mm Mass mailer Trojan (some variants) April 2, 2002 Mass deletes files on infected computers. Certain variants show a caricature of U.S. President Bill Clinton.[6]
Navidad[7] Emmanuel, W32.Wachit Mass mailer Trojan December 1, 2000[8] South America Unknown Email appears to be in reply to someone the target has messages prior.[7] Messages created by the virus are written entirely in Spanish. [9]
Netsky February 18, 2004 Germany Sven Jaschan
Nimda September 2001 Originally suspected to be connected to Al Qaeda because of release date; uses multiple infection vectors.
Psyb0t Network Bluepill January 2009
Sadmind May 8, 2001
Sasser Big One April 30, 2004 Sven Jaschan Network worm. At startup, it kills the process lsass.exe, a windows process which handles file permissions. Killing lsass causes the computer to reboot one minute later, which would cause sasser to run again. This would continue in an infinite loop until the computer is shut down manually.
Sircam Spread through e-mail with text like "I send you this file in order to have your advice."
Sober CME-681, WORM_SOBER.AG October 24, 2003 Germany, possibly from National Democratic Party of Germany Was disguised as e-mail from United States government.
Sobig August 2003
SQL Slammer DDOS.SQLP1434.A, the Sapphire Worm, SQL_HEL, W32/SQLSlammer Caused global Internet slowdown.
Stuxnet Win32/Stuxnet June 2010 First malware to attack SCADA systems.
Swen September 18, 2003
Toxbot 2005 The Netherlands Opened up a backdoor to allow command and control over the IRC network.
Upering Annoyer.B, Sany July 22, 2003
Voyager Voyager Worm October 31, 2005 Targets Operating System running Oracle Databases.
W32.Alcra.F Win32/Alcan.I Worm February 17, 2006 Propagated through file-share networks.[10]
W32/Bolgimo.worm
W32/IRCbot.worm W32/Checkout, W32.Mubla, W32/IRCBot-WB, and Backdoor.Win32.IRCBot.aaq Trojan Worm Backdoor June 1, 2007 It provides a backdoor server and allows a remote intruder to gain access and control over the computer via an IRC channel.
WANK OILZ October 1989 Spread a pacifist, anti-nuclear political message.
Welchia Nachia, Nachi A helpful worm meant to install security patches and removes Blaster worm if the computer is infected by it.
Witty March 19, 2004 Appeared very rapidly after announcement of Internet Security Systems vulnerability
Zotob Farid Essebar and Atilla Ekici
  1. ^ "Virus'". ecsis.ecsis.net. CTRL+F search term "Badtrans". Retrieved 2024-02-02.
  2. ^ "Badtrans - The Virus Encyclopedia". virus.wikidot.com. Retrieved 2024-02-02.
  3. ^ admin-ectnews (2004-03-26). "Bagle.U Worm Spreads Despite Simplicity". TechNewsWorld. Retrieved 2024-02-02.
  4. ^ "Minnesota Man Sentenced to 18 Months in Prison for Creating and Unleashing a Variant of the MS Blaster Computer Worm (January 28, 2005)". www.justice.gov. Retrieved 2024-02-03.
  5. ^ "Blaster - The Virus Encyclopedia". virus.wikidot.com. Retrieved 2024-02-03.
  6. ^ Leyden, John. "Clinton worm variant makes fun of Sharon". www.theregister.com. Retrieved 2024-02-04.
  7. ^ a b "Navidad - The Virus Encyclopedia". virus.wikidot.com. Retrieved 2024-02-02.
  8. ^ Stan, Michael (December 1, 2000). "The "W32.Navidad@M" Worm". giac.org. Archived from the original on February 2, 2024. Retrieved February 2, 2024. Alt URL
  9. ^ staff, CBSNews com staff CBSNews com (2000-11-10). "A Not-So-Feliz 'Navidad' - CBS News". www.cbsnews.com. Retrieved 2024-02-04.
  10. ^ "W32.Alcra.F". Symantec. Archived from the original on August 26, 2006. Retrieved 20 October 2016.