When it comes to computer viruses, damage is a matter of perspective. For most of us, the most damaging virus is the one we have the bad luck to catch. However, there is a somewhat objective way of measuring the overall damage a virus inflicts. By following the media reports after a virus outbreak, we can rank viruses by their estimated cost and perceived nastiness. However, it must be said that there is no small amount of exaggeration involved in these reports.
It’s also worth noting that the terms worm and virus are being used interchangeably here because that’s how the media used to report on these matters. (To learn the difference between the types of malware, check out our article Malicious Software: Worms, Trojans and Bots, Oh My!)
So, taking the numbers with a grain of salt, we’ll look at the heavyweights of the computer virus world.
7. Melissa, 1999
Estimated Damages: $1.1 Billion – $1.5 Billion
Melissa was a macro virus that spread through email attachments. It got its start by infecting a Usenet newsgroup, alt.sex, spreading from there as a file named List.DOC – a document containing passwords to porn sites. Opening the document would execute the macro, leading to mass emails that spread the virus further. Variants of Melissa cropped up as the original made its rounds. Melissa slowed down the entire Internet by overloading servers with all the emails it was sending around.
6. SirCam, 2001
Estimated Damages: $1.15 Billion – $1.25 Billion
SirCam was another worm that spread itself through email. It targeted computers running Windows, and it had some interesting tricks. These included attaching a random file from the infected machine to its emails, which were sent to the addresses stored on that machine. The email sent from the machine was given a subject line based on the name of the file that was attached. This clever bit of thinking made the spam emails look more legitimate, upping the chances that the recipient would open the file without thinking.
5. Code Red I and II, 2001
Estimated Damages: $2 Billion – $2.75 Billion
Code Red I was a worm that specifically attacked computers running Microsoft Internet Information Services (IIS). It exploited a flaw in the buffer overflow and proceeded to hijack websites. Once the takeover was complete, the websites were changed to read “HELLO! Welcome to http://www.worm.com! Hacked By Chinese!“ Code Red II followed two weeks later, using a similar entry point; other variants followed. The virus originated in the same area of the Philippines as the virus that made the No.1 spot on our list.
4. Nimda, 2001
Estimated Damages: $1.5 Billion
Nimda, which is "admin" spelled in reverse, wasn’t as financially damaging as some other viruses, but it gains a higher spot on the list based on its method of attack and its timing. Released shortly after the September 11 terrorist attacks on the World Trade Center, Nimda was a multiple vector virus. This means it spread via email, infected files, shared files on local area networks, compromised websites and even using back doors opened by other viruses. The speed of the virus was frightening enough, but the panic level was raised by rumors that Nimda was the second prong of the terrorist attacks.
3. MyDoom, 2004
Estimated Damages: $4 – $22 Billion
MyDoom was primarily an email-based worm that spread with unparalleled speed throughout the internet. Its payload is still a matter of debate. Some say it was meant to carry out a targeted attack on the SCO group, others that it was just meant to open back doors that would later be exploited for distributed denial-of-service attacks. Perhaps the most significant part of the MyDoom attack was how the estimates of economic damage ballooned that year. Following on the heels of the Bagle worms, some analysts estimated that viruses caused more than $100 billion in damages in January alone.
2. CIH Virus (Chernobyl), 1998
Estimated Damage: $250 million – Several Billion
Chernobyl belongs on any list of damaging malware simply because it didn’t stop at kicking computers in the teeth – it was designed to systematically destroy every part of an infected system. The Chernobyl virus got its nickname from the fact that it was set to activate on its creator’s birthday; it just so happened that Chen Ing Hau of Taiwan was born on the anniversary of the Chernobyl nuclear disaster, which occurred in the Ukraine in 1986. The virus worked by filling up empty spaces with copies of itself, wiping data and eventually overwriting the BIOS chip.
The virus was reported to have destroyed millions of computers worldwide and caused untold economic damage. That said, Hau was never jailed for all the damage he caused, throwing those wild estimates into question. So, in the end, Chernobyl earns its spot based on the potential damage it was designed to do, if not the actual damage it caused.
1. Love Bug, 2000
Estimated Damage: $8.75 billion
Love Bug, also known as Love Letter or ILOVEYOU, was a landmark virus in that it prompted many people to start taking Internet security seriously. The original email-borne virus and its variants used a bit of simple social engineering to spread their way around the Internet. After all, who doesn’t want to be loved? Love Bug changed files and overwrote some data, while also emailing itself to other victims in the infected computers’ address lists. These techniques were copied by other viruses like the Storm Worm, and remain effective even as anti-virus software has evolved.
Are Things Getting Safer?
There is no doubt that computer viruses and malware in general can be damaging, especially when it affects you directly. That said, a lot of the damage that gets reported with viruses is hard to verify, although the fear they instill is very real. This fear has prompted many people to install anti-virus software on their computers and be much more careful with attachments. This has, in turn, limited the reach of new malware, making the Internet safer for everyone – at least as far as viruses are concerned.
Editor’s Note: All figures regarding estimated damages were obtained from ComputerEconomics.com, Internet data firm mi2G and CNN.