List of computer worms

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Name Alias(es) Type Subtype Isolation date Isolation Origin Author Notes
Badtrans Mass mailer November 24, 2001 Installed a keylogger; distributed logged information
Bagle Beagle, Mitglieder, Lodeight January 18, 2004 Mass mailer
Blaster Lovesan August 11, 2003 Gruel.exe Makes all exe's unusable so the computer probably can't reboot Hopkins, Minnesota Jeffrey Lee Parson Targeted toward Bill Gates; contained message "billy gates why do you make this possible ? Stop making money and fix your software!!"
Brontok W32/Rontokbro.gen@MM, W32.Rontokbro@mm, BackDoor.Generic.1138, W32/Korbo-B, Worm/Brontok.a, Win32.Brontok.A@mm, Worm.Mytob.GH, W32/Brontok.C.worm, and Win32/Brontok.E, W32.Rontokbro.D@mm. October 3, 2005 Indonesia Spread through an Indonesian e-mail headed with "stop the collapse in this country"; destroys firewalls
BuluBebek W32/VBWorm.QXE October 10, 2008
Code Red DoS payload, Defacement payload July, 2001 Exploited Microsoft Internet Information Services to deface web pages and DOS a few set IPs.
Daprosy Worm Worm.Win32.VB.arz, W32.Autorun.worm.h, W32/Autorun-AMS, Worm:Win32/Autorun.UD Trojan worm Mass mailer July 15, 2009 Replaces folders with .EXE's, key logger, slow mass mailer
Code Red II August 4, 2001 Exploited Microsoft Internet Information Server security holes.
Dabber W32/Dabber-C, W32/Dabber.A May 14, 2004
Doomjuice Feb 11, 2004 Attack computers that had previously been infected by the Mydoom worm.
ExploreZip I-Worm.ZippedFiles June 6, 1999 Spread through zipped documents in a spam e-mail.
Father Christmas HI.COM December 1988
Hybris Snow White, Full Moon, Vecna.22528 December 11, 2000 Brazil Vecna Spread through an e-mail from ""
ILOVEYOU Loveletter, LoveBug Worm May 4, 2000 Manila, Philippines
Kak worm October 22, 1999 On the first day of any month, if the time was after 5pm, Kak displayed a popup message box that read: "Driver Memory Error - Kagou-Anti-Kro$oft says not today !" Dismissing it would reboot the computer and then display the message again.
Klez October 2001
Koobface December 2008 Targeted MySpace and Facebook users with a heading of "Happy Holidays"
Morris November 2, 1988 Robert Tappan Morris Widely considered to be the first computer worm. Although created for academic purposes, the negligence of the author unintentionally caused the worm to act as a denial of service attack. It spread by exploiting known vulnerabilities in UNIX-based systems, cracked weak passwords, and periodically altered its process ID to avoid detection by system operators.
Mydoom W32.MyDoom@mm, Novarg, Mimail.R, Shimgapi January 26, 2004 Fastest-spreading e-mail worm known; used to attack SCO Group.
Mylife W32.MyLife.C@mm April 2, 2002 [1]
Netsky February 18, 2004 Germany Sven Jaschan
Nimda September 2001 Originally suspected to be connected to Al Qaeda because of release date; uses multiple infection vectors
Sadmind May 8, 2001
Sasser Big One April 30, 2004 Sven Jaschan Network worm. At startup, it kills the process lsass.exe, a windows process which handles file permissions. Killing lsass causes the computer to reboot one minute later, which would cause sasser to run again. This would continue in an infinite loop until the computer is shut down manually.
Sircam Spread through e-mail with text like "I send you this file in order to have your advice."
Sober CME-681, WORM_SOBER.AG October 24, 2003 Germany, possibly from National Democratic Party of Germany Was disguised as e-mail from United States government.
Sobig August 2003
SQL Slammer DDOS.SQLP1434.A, the Sapphire Worm, SQL_HEL, W32/SQLSlammer Caused global Internet slowdown
Stuxnet Win32/Stuxnet June 2010 First malware to attack SCADA systems.
Swen September 18, 2003
Toxbot 2005 The Netherlands Opened up a backdoor to allow command and control over the IRC network
Upering Annoyer.B, Sany July 22, 2003
Voyager Voyager Worm October 31, 2005 Targets Operating System running Oracle Databases
W32.Alcra.F Win32/Alcan.I Worm February 17, 2006 Propagated through file-share networks.[1]
W32/IRCbot.worm W32/Checkout, W32.Mubla, W32/IRCBot-WB, and Backdoor.Win32.IRCBot.aaq Trojan Worm Backdoor June 1, 2007 It provides a backdoor server and allows a remote intruder to gain access and control over the computer via an IRC channel.
WANK OILZ October 1989 Spread a pacifist, anti-nuclear political message
Welchia Nachia, Nachi A helpful worm meant to install security patches and removes Blaster worm if the computer is infected by it.
Witty March 19, 2004 Appeared very rapidly after announcement of Internet Security Systems vulnerability
Zotob Farid Essebar and Atilla Ekici

See also[edit]


  1. ^ "W32.Alcra.F". Symantec. Retrieved 20 October 2016.