Top Ten Most-Destructive Computer Viruses

Created by underground crime syndicates and government agencies, these powerful

viruses have done serious damage to computer networks worldwide
Top 10 computer viruses
Rather than amateurs working out of their parents' basement, malware creators ar
e often part of an underworld of criminal gang, or working directly for a foreig
n government or intelligence agency. (Epoxydude / fstop / Corbis)

Computer viruses have come a long way from the early days of personal computers,
when teenage hackers competed for bragging rights, creating malware designed fo
r mischief or random mayhem. Now, the hackers have gone professional, and their
ambitions have grown; rather than amateurs working out of their parents' basemen
t, malware creators are often part of an underworld criminal gang, or working di
rectly for a foreign government or intelligence agency. As the stakes have grown
, so too has the potential damage and destruction brought on by malware.
1) Stuxnet (2009-2010) The arrival of Stuxnet was like a cartoon villain come to
life: it was the first computer virus designed specifically to cause damage in
the real, as opposed to virtual, world. While previous malware programs may have
caused secondary physical problems, Stuxnet was unique in that it targeted soft
ware that controls industrial systems. Specifically, Stuxnet was designed to dam
age machinery at Iran s uranium enrichment facility in Natanz. Based on the availa
ble information, including data from the International Atomic Energy Agency, exp
erts believe Stuxnet caused a large number of Iran s centrifuges essentially giant w
ashing machines used to enrich uranium to spin out of control and self-destruct. T
hough Stuxnet was discovered in 2010, it is believed to have first infected comp
uters in Iran in 2009.
2) Conficker Virus (2009)In 2009, a new computer worm crawled its way into milli
ons of Windows-based PCs around the world, creating a massive botnet army of rem
otely controlled computers capable of stealing financial data and other informat
ion. Its complexity made it difficult to stop, and the virus prompted the creati
on of a coalition of experts dedicated to stopping its spread. At its height, th
e Conficker worm infected millions of computers, leading anti-virus researchers
to call it the super bug, or super worm. But the real mystery of Conficker, which st
ill infects a large number of computers, is that no one knows what it was meant
to do: the botnet army was never used for any specific purpose, to the best of a
nyone s knowledge. Conficker s real purpose still confounds security experts.
3) agent.btz (2008) This piece of malware s claim to fame is that it temporarily f
orced the Pentagon to issue a blanket ban on thumb drives and even contributed t
o the creation of an entirely new military department, U.S. Cyber Command. Agent
.btz spreads through infected thumb drives, installing malware that steals data.
When agent.btz was found on Pentagon computers in 2008, officials suspected the
work of foreign spies. Former Deputy Secretary of Defense William Lynne later w
rote that agent.btz created a digital beachhead, from which data could be transfe
rred to servers under foreign control. Though some anti-virus experts have disput
ed the contention that the virus was the creation of a foreign intelligence agen
cy, its effect was to make cyber war a formal part of U.S. military strategy.
4) Zeus (2007) There is no shortage of malware kits that target personal informa
tion, but Zeus has become the go-to tool for many of today s cyber criminals and i
s readily available for sale in the cyber crime underworld. It can be used to pi
lfer passwords as well as files, helping to create a literal underground economy
for compromised identities that can be bought and sold for as little 50 cents.
In the age of Internet banking and online shopping, a compromised identity is mu

ch more than just a name and social security number: it s your address, date of bi
rth, mother s maiden name, and even your secret security questions (your first pet
, your favorite teacher, or your best friend from grade school).
5) PoisonIvy (2005) PoisonIvy is a computer security nightmare; it allows the at
tacker to secretly control the infected user s computer. Malware like PoisonIvy is
known as a remote access trojan, because it provides full control to the perpetra
tor through a backdoor. Once the virus is installed, the perpetrator can activat
e the controls of the targeted computer to record or manipulate its content or e
ven use the computer s speaker and webcam to record audio and video. Once thought
of as a tool for amateur hackers, PoisonIvy has been used in sophisticated attac
ks against dozens of Western firms, including those involved in defense and chem
ical industries, according to a white paper written by Symantec, the computer se
curity firm. The attacks were traced back to China.
6) MyDoom (2004) MyDoom muscled its way into the malware world in 2004, quickly
infecting some one million computers and launching a massive distributed denial
of service attack, which overwhelms a target by flooding it with information fro
m multiple systems. The virus spread through email as what appeared to be a boun
ced message. When the unsuspecting victim opened the email, the malicious code d
ownloaded itself and then pilfered the new victim s Outlook address book. From the
re, it spread to the victim s friends, family and colleagues. MyDoom spread faster
than any worm seen prior.
7) Fizzer (2003) By 2003, many worms were spreading over e-mail, but Fizzer was
an entirely new creature. If earlier worms, like Code Red (see below), were abou
t mischief, Fizzer was all about money. While some initially dismissed the serio
usness of the worm because it wasn t as fast moving as Code Red, Fizzer was more i
nsidious. What makes Fizzer stand out is that it's the first instance of a worm c
reated for financial gain, says Roel Schouwenberg, a senior researcher at Kaspers
ky, an anti-virus company. Computers infected with Fizzer started sending out pha
rmacy spam. In other words, Fizzer didn t just take over your address book to sprea
d for the sake of spreading, it used your address book to send out the now famil
iar porn and pills spam. Fizzer was followed by better-known spam-inducing worms
, like SoBig, which became threatening enough that Microsoft even offered a $250
,000 bounty for information leading to the arrest of its creator.
8) Slammer (2003) In January 2003, the fast-spreading Slammer proved that an Int
ernet worm could disrupt private and public services, a harbinger for future may
hem. Slammer works by releasing a deluge of network packets, units of data trans
mitted over the Internet, bringing the Internet on many servers to a near screec
hing halt. Through a classic denial of service attack, Slammer had a quite real
effect on key services. Among its list of victims: Bank of America s ATMs, a 911 e
mergency response system in Washington State, and perhaps most disturbingly, a n
uclear plant in Ohio.
9) Code Red (2001) Compared to modern malware, Code Red seems like an almost kin
der, gentler version of a threat. But when it swept across computers worldwide i
n 2001, it caught security experts off guard by exploiting a flaw in Microsoft I
nternet Information Server. That allowed the worm to deface and take down some w
ebsites. Perhaps most memorably, Code Red successfully brought down the whitehou
se.gov website and forced other government agencies to temporarily take down the
ir own public websites as well. Though later worms have since overshadowed Code
Red, it s still remembered by anti-virus experts as a turning point for malware be
cause of its rapid spread.
10) Love Letter/I LOVE YOU (2000) Back in 2000, millions of people made the mist
ake of opening an innocent looking email attachment labeled simply, I Love You. In
stead of revealing the heartfelt confession of a secret admirer, as perhaps read
ers had hoped, the file unleashed a malicious program that overwrote the users im

age files. Then like an old-fashioned chain letter gone nuclear, the virus e-mai
led itself to the first 50 contacts in the user s Windows address book. While by t
oday s standards, Love Letter is almost quaint, it did cause wide-scale problems f
or computer users. It only took hours for Love Letter to become a global pandemi
c, in part because it played on a fundamental human emotion: the desire to be lo
ved. In that sense, Love Letter could be considered the first socially engineere
d computer virus.