Home

The Top 10 Worst Computer Viruses in History

Tom Gerencer
|
November 4, 2020
Reading time: 10 minutes
Once a laughing matter, computer viruses are now a damaging and costly plague on our
internet-connected world. More than 350,000 new pieces of malware are discovered every
day, with an annual cost of over $55 billion. But one virus – the Mydoom virus in 2004 –
leads the pack with $38 billion in damages.
This article ranks the most destructive computer viruses by financial impact. But bear in mind
that these malicious programs are just the tip of the iceberg. With 127 million new malware
apps attacking consumers and businesses each year, the viruses in this article are just the
biggest fish in an endless cybercrime sea.
10 worst computer viruses in history
In the list of the 10 most famous computer viruses below, we show the costs, dates, reach,
and other key facts. First a note about terms: we use the words “virus” and “worm”
interchangeably because most readers search for them that way. But there’s a subtle
difference that we explain after the list.

1. Mydoom – $38 billion

The worst computer virus outbreak in history, Mydoom caused estimated damage of $38
billion in 2004, but its inflation-adjusted cost is actually $52.2 billion. Also known as Novarg,
this malware is technically a “worm,” spread by mass emailing. At one point, the Mydoom
virus was responsible for 25% of all emails sent.
Mydoom scraped addresses from infected machines, then sent copies of itself to those
addresses. It also roped those infected machines into a web of computers called a botnet that
performed distributed denial of service (DDoS) attacks. These attacks were intended to shut
down a target website or server.
Mydoom is still around today, generating 1% of all phishing emails. That’s no small feat
considering the 3.4 billion phishing emails sent each day. By that figure, Mydoom has taken
on a life of its own, infecting enough poorly-protected machines to send 1.2 billion copies of
itself per year, 16 years after its creation.
Though a $250,000 reward was offered, the developer of this dangerous computer worm was
never caught.
Wondering what makes the world’s most secure computers so safe? See the Tech@Work
guide: Upgrade to the World's Most Secure and Manageable PC

2. Sobig – $30 billion

The 2003 Sobig computer virus is actually another worm. It is second only to the Mydoom
virus in its scope. The $30 billion figure is a worldwide total, including Canada, the U.K., the
U.S., mainland Europe, and Asia. Several versions of the worm were released in quick
succession, named Sobig.A through Sobig.F, with Sobig.F being the most damaging.
This cybercriminal program masqueraded as legitimate computer software attached to emails.
It disrupted ticketing at Air Canada and interfered with countless other businesses. Despite its
widespread damage, the creator of the successful bug was never caught.

3. Klez – $19.8 billion

Klez is a close third on the list of the worst computer viruses ever created. With nearly $20
billion in estimated damages, it infected about 7.2% of all computers in 2001, or 7 million
PCs. The Klez worm sent fake emails, spoofed recognized senders and, among other things,
attempted to deactivate other viruses.
As with other viruses and worms, Klez was released in several variants. It infected files,
copied itself, and spread throughout each victim’s network. It hung around for years, with
each version more destructive than the last.
Windows has come a long way since most of the computer viruses on this list hit the web.
Thankfully, built-in protection with Microsoft Defender is always on the watch.
4. ILOVEYOU – $15 billion
The year 2000’s ILOVEYOU virus worked by sending a bogus “love letter” that looked like
a harmless text file. Like Mydoom, this attacker sent copies of itself to every email address in
the infected machine’s contact list. Shortly after its May 4 release, it had spread to more than
10 million PCs.
The virus was created by a college student in the Philippines named Onel de Guzman.
Lacking funds, he wrote the virus to steal passwords so he could log into online services he
wanted to use for free. He reportedly had no idea how far his creation would spread. This
virus is also known as Loveletter.
Need to up your remote work security game before there’s another entry on the list of most
deadly computer viruses? See our guide: How to Work Remotely and Securely

5. WannaCry – $4 billion
The 2017 WannaCry computer virus is ransomware, a virus that takes over your computer (or
cloud files) and holds them hostage. The WannaCry ransomware ripped through computers in
150 countries, causing massive productivity losses as businesses, hospitals, and government
organizations that didn’t pay were forced to rebuild systems from scratch.
The malware raged like wildfire through 200,000 computers worldwide. It stopped when a
22-year-old security researcher in the U.K. found a way to turn it off. Computers with out-of-
date operating systems were hit especially hard. That’s why security experts always
recommend updating your systems frequently.
Ransomware strikes again
In September 2020, one of the potentially largest computer virus attacks in medical history
hit Universal Health Services. The U.S. hospital chain, which has more than 400 locations,
was reportedly struck by damaging ransomware. The attack forced the cancellation of
surgeries and made healthcare workers switch to paper records.

6. Zeus – $3 billion
The Zeus computer virus is an online theft tool that hit the web in 2007. A whitepaper by
Unisys three years later estimated that it was behind 44% of all banking malware attacks. By
then, it had breached 88% of all Fortune 500 companies, 2,500 organizations total, and
76,000 computers in 196 countries.
The Zeus botnet was a group of programs that worked together to take over machines for a
remote “bot master.” It originated in Eastern Europe and was used to transfer money to secret
bank accounts. More than 100 members of the crime ring behind the virus, mostly in the
U.S., were arrested in 2010. It’s not as prominent today, but some of the virus’ source code
lives on in newer botnet viruses and worms.
Zeus caused documented damage of $100 million. But the real cost in terms of lost
productivity, removal, and undocumented theft is undoubtedly much higher. A $3 billion
estimate, adjusted for inflation, puts this virus at a cost of $3.7 billion in today’s dollars.

7. Code Red – $2.4 billion

First observed in 2001, the Code Red computer virus was yet another worm that penetrated
975,000 hosts. It displayed the words “Hacked by Chinese!” across infected web pages, and it
ran entirely in each machine’s memory. In most cases it left no trace in hard drives or other
storage.
Financial costs are pegged at $2.4 billion. The virus attacked websites of infected computers
and delivered a distributed denial of service (DDoS) attack on the U.S. White House’s
website, www.whitehouse.gov. In fact, the White House had to change its IP address to
defend against Code Red.
Can your printer get a virus? See our cool infographic: The State of Printer Security

8. Slammer – $1.2 billion

The SQL Slammer worm cost an estimated $750 million across 200,000 computer users in
2003. This computer virus randomly selected IP addresses, exploiting vulnerabilities and
sending itself on to other machines. It used these victim machines to launch a DDoS attack on
several internet hosts, significantly slowing internet traffic.
The Slammer worm hit banks in the U.S. and Canada especially hard, taking ATMs offline in
many locations. Customers of Toronto’s Imperial Bank of Commerce found themselves
unable to access funds. The attack reared its ugly head again in 2016, launching from IP
addresses in Ukraine, China, and Mexico.

9. CryptoLocker – $665 million

Thankfully, ransomware attacks like the 2013 CryptoLocker virus have dipped since their
2017 peak. This malware attacked upwards of 250,000 machines by encrypting their files. It
displayed a red ransom note informing users that “your important files encryption produced
on this computer.” A payment window accompanied the note.
The virus’ creators used a worm called the Gameover Zeus botnet to make and send copies of
the CryptoLocker virus. According to a report by security firm Sophos, the average
ransomware attack costs a business $133,000. If we estimate that CryptoLocker hit 5,000
companies, that would put its total cost at $665 million.
Where will cybersecurity go next? See our guide: The Future of Cybersecurity

10. Sasser – $500 million

The Sasser worm was written by a 17-year-old German computer science student named
Sven Jaschan. He was arrested at the age of 18 in 2004 after a $250,000 bounty was posted
for the computer virus’ creator. A friend of Jaschan’s tipped authorities that the youth had
penned not only the Sasser worm but also the damaging Netsky.AC attack.
Jaschan was given a suspended sentence after it was found he was a minor when he wrote the
malware. The Sasser worm crashed millions of PCs, and though some reports put damages at
$18 billion, the relatively low infection rate suggests a more likely cost of $500 million.
Other notable viruses
The top 10 worst computer viruses above are just the ugly tip of a gargantuan digital iceberg.
With a million new malware programs popping up every 3 years, we may miss the forest for
a few outstanding trees. Here are just a few more viruses that have wreaked havoc over the
years:
 Mimail: This worm tried to harvest data from infected machines to launch a string of
DDoS attacks, but was relatively easy to remove.
 Yaha: Yet another worm with several variants, thought to be the result of a cyber-war
between Pakistan and India.
 Swen: Written in C++, the Swen computer worm disguised itself to look like a 2003
OS update. Its financial cost has been pegged at $10.4 billion, but not reliably.
 Storm Worm: This worm showed up in 2007 and attacked millions of computers
with an email about approaching bad weather.
 Tanatos/Bugbear: A 2002 keylogger virus that targeted financial institutions and
spread to 150 countries.
 Sircam: A computer worm from 2001 that used counterfeit emails with the subject
line, “I send you this file in order to have your advice.”
 Explorezip: This worm used fake emails to spread to every machine on thousands of
local networks.
 Melissa: The most dangerous computer virus in 1999, Melissa sent copies of itself
that looked like NSFW pics. The U.S. FBI estimated cleanup and repair costs at $80
million.
 Flashback: A Mac-only virus, Flashback infected over 600,000 Macs in 2012 and
even infected Apple’s home base in Cupertino, Calif. In 2020, there’s now more
malware on Macs than on PCs.
 Conficker: This 2009 virus still infects many legacy systems and could do significant
damage if it ever activates.
 Stuxnet: This worm is reported to have destroyed Iranian nuclear centrifuges by
sending damaging instructions.
Learn how to harden your company’s cybersecurity profile: Best Ways to Improve Corporate
Cybersecurity

Virus vs worm
The difference between a virus and a worm is that a virus needs another program to make it
work, like a word processor or web browser. By contrast, a worm is self-contained and can
run, copy, and send copies of itself all on its own. Some of the most dangerous computer
viruses are actually worms.

How to know if you have a virus

Today, it’s easy to know if you have a virus. Just open your computer’s antivirus software and
view its latest report. Windows 10 has built-in virus protection called Windows Security. To
find it, type “Windows Security” in your PC’s search bar. Click the shield icon on the left to
see your latest scan.
Wondering what to do if you get a virus? See our guide: How To Get Rid of a Virus
For additional protection, McAfee® uses a deep threat intelligence network and machine
learning to detect, protect, and correct from the cloud. See our review: McAfee Antivirus
Review for 2020
Methodology
To find the worst computer viruses in the world, we relied on estimates of lost productivity,
duration of infection, and approximate numbers for total machines infected. We also used
estimates of cleanup and repair costs. Unfortunately, no government or world body tracks the
cost of computer viruses.
Most of the computer virus cost estimates you’ll find in other articles online come from a
single source. It’s a very short (2-paragraph) article by a UK security firm called mi2g in
2003. That article doesn’t show the data behind its estimates, and the figures in most cases
seem inflated, especially after our independent research. We adjusted these estimates up or
down by cross-checking them against data from various government bodies and security
analysts.
Summary
Computer viruses cost an estimated $55 billion each year in cleanup and repair costs. The
biggest computer virus ever is the Mydoom virus, which did an estimated $38 billion in
damages in 2004. Other notables are the Sobig worm at $30 billion and the Klez worm at
$19.8 billion. Thankfully, today’s secure PCs and operating systems make it exponentially
harder for viruses and worms to get a foothold in our connected lives.