I Love You (2001)
Also known as the LoveLetter, it infected millions of computers within one night. It arrived in Windows users’ inboxes with the subject line “ILOVEYOU” and the attachment “LOVE-LETTER-FOR-YOU.TXT.VBS.” Upon opening, the attachment sent itself to fifty email addresses in the user’s Windows Address Book and overwrote files with a copy of itself. It also added registry keys in order to initialize upon start-up. By May 13, fifty million infections had been reported and caused an estimated $5.5 billion in damages.
Code Red (2001)
The Code Red worm invaded machines running Windows NT and 2000. It combined the power of all infected machines to attack the White House on a certain date. Days 1 to 19 of its infection were spent searching for and infecting other computers, but days 20 to 27 launched denial of service (DoS) attacks on several fixed IP addresses.
Nimda infected thousands of computers worldwide with five different methods of infecting computers systems and duplicating itself and became one of the most widespread viruses within twenty-two minutes of launching. It is remembered for causing more economic damage than any virus that had gone before it, including both the LoveLetter and Code Red.
Capable of attacking all Windows machines regardless of operating system, it injected itself into a specific process, such as iexplore.exe (Internet Explorer) or msnmsgr.exe (MSN Messenger). It had a built-in firewall bypasser and could turn off some anti-virus programs. A legal version has been released: Spytector. Beast was used primarily to stalk people.
SQL Slammer (2003)
The SQL Slammer launched DoS attacks. It infected most of its 75,000 victims within the first ten minutes of its appearance – a relatively low number, but enough to create significant slowdowns worldwide. In South Korea, the Internet was shut down nationwide. Infected servers bombarded routers, causing them to collapse.
Sent as an email attachment, the Sober worm had to be unpacked and run by the user. Upon execution, Sober would add itself to the registry to ensure activation on start-up. It emails itself to addresses stored on the user’s computer. It is also able to deactivate some anti-virus programs.
Santy is the first known webworm, using Google to spread itself through the Internet. It attacked approximately 40,000 websites, holding the worldwide record of spreading globally within three hours of its release. It defaced writeable files of websites. Since then, Google has blocked Santy queries, effectively halting its spread.
Storm Worm (2007)
Storm Worm attacked mostly European and American computers, spreading through email messages with a variety of subject lines. It had eight waves of attack and as of 2007 is accountable for 8% of all malware infections.
Torpig circumvents anti-virus programs to steal accounts and passwords as well as allow the programmer full access of the machine. As of 2008, it has stolen approximately 500,000 online bank accounts, card numbers, and more.
Downadup /Conficker (2008)
Suspected to have over 7 million computers worldwide in its control, Downadup – also known as Conficker – was successful in spreading across the Web. The most heavily hit countries were Brazil, China, and Russia. The worm would update itself as it spread, each variant installing different malware and running various programs.