Comparison of computer viruses explained

Comparison of computer viruses should not be confused with Timeline of computer viruses and worms.

Compiling a unified list of computer viruses is difficult because of the way viruses are named. To aid the fight against computer viruses and other types of malicious software, many security advisory organizations and developers of anti-virus software compile and publish lists of viruses. When a new virus appears, the rush begins to identify and understand it and to develop appropriate countermeasures to stop its propagation. Along the way, a name is attached to the virus. Because developers of anti-virus software compete partly on how quickly they react to a new threat, they usually study and name viruses independently. By the time the virus is identified, many names have been used to denote the same virus.

Another source of ambiguity in names is that a virus initially identified as completely new is sometimes found to be a variation of an earlier known virus, in which case it is often renamed. For example, the second variation of the Sobig worm was initially called "Palyh" but later renamed "Sobig.b". Again, depending on how quickly this happens, the old name may persist.

Scope

In terms of scope, there are two major variants: lists of "in-the-wild" viruses, which cover viruses in active circulation, and lists of all known viruses, which also contain viruses believed not to be in active circulation (also called "zoo viruses"). The sizes are vastly different: in-the-wild lists contain a hundred viruses but full lists contain tens of thousands.

Comparison of viruses and related programs

| Virus | Alias(es) | Types | Subtype | Isolation date | Isolation / Origin | Author | Notes |
|---|---|---|---|---|---|---|---|
| 1260 | V2Px | DOS | Polymorphic | 1990 | | | First virus family to use polymorphic encryption |
| 4K | 4096 | DOS | | 1990-01 | | | The first known MS-DOS file infector to use stealth |
| 5lo | | DOS | | 1992-10 | | | Infects .EXE files only |
| Abraxas | Abraxas5 | DOS, Windows 95, 98 | | 1993-04 | Europe | ARCV group | Infects COM file. Disk directory listing will be set to the system date and time when infection occurred. |
| Acid | Acid.670, Acid.670a, Avatar.Acid.670, Keeper.Acid.670 | DOS, Windows 95, 98 | | 1992 | | Corp-$MZU | Infects COM file. Disk directory listing will not be altered. |
| Acme | | DOS, Windows 95 DOS | | 1992 | | | Upon executing infected EXE, this infects another EXE in current directory by making a hidden COM file with same base name. |
| ABC | ABC-2378, ABC.2378, ABC.2905 | DOS | | 1992-10 | | | ABC causes keystrokes on the compromised machine to be repeated. |
| Actifed | | DOS | | | | | |
| Ada | | DOS | | 1991-10 | Argentina | | The Ada virus mainly targets .COM files, specifically COMMAND.COM. |
| AGI-Plan | Month 4-6 | DOS | | | Mülheim | | AGI-Plan is notable for reappearing in South Africa in what appeared to be an intentional re-release. |
| AI | | DOS | | | | | |
| AIDS | AIDSB, Hahaha, Taunt | DOS | | 1990 | | | AIDS is the first virus known to exploit the DOS "corresponding file" vulnerability. |
| AIDS II | | DOS | | circa 1990 | | | |
| Alabama | Alabama.B | DOS | | 1989-10 | Hebrew University, Jerusalem | | Files infected by Alabama increase in size by 1,560 bytes. |
| Alcon[1] | RSY, Kendesm, Ken&Desmond, Ether | DOS | | 1997-12 | | | Overwrites random information on disk causing damage over time. |
| Ambulance | | DOS | | June 1990 | | | |
| Anna Kournikova | | Email, VBScript | | 2001-02-11 | Sneek, Netherlands | Jan de Wit | A Dutch court stated that US$166,000 in damages was caused by the worm. |
| ANTI | ANTI-A, ANTI-ANGE, ANTI-B, Anti-Variant | Classic Mac OS | | 1989-02 | France | | The first Mac OS virus not to create additional resources; instead, it patches existing CODE resources. |
| AntiCMOS | | DOS | | January 1994 – 1995 | | | Due to a bug in the virus code, the virus fails to erase CMOS information as intended. |
| ARCV-n | | DOS | | 1992-10/1992-11 | England, United Kingdom | ARCV Group | ARCV-n is a term for a large family of viruses written by the ARCV group. |
| Alureon | TDL-4, TDL-1, TDL-2, TDL-3, TDL-TDSS | Windows | Botnet | 2007 | Estonia | JD virus | |
| Autostart | Autostart.A—D | Classic Mac OS | | 1998 | Hong Kong / China | | |
| Bomber | CommanderBomber | DOS | | | Bulgaria | | Polymorphic virus which infects systems by inserting fragments of its code randomly into executable files. |
| Brain | Pakistani flu | DOS | Boot sector virus | 1986-01 | Lahore, Pakistan | Basit and Amjad Farooq Alvi | Considered to be the first computer virus for the PC |
| Byte Bandit | | Amiga | Boot sector virus | 1988-01 | | Swiss Cracking Association | It was one of the most feared Amiga viruses until the infamous Lamer Exterminator. |
| CDEF | | Classic Mac OS | | 1990.08 | Ithaca, New York | | Cdef arrives on a system from an infected Desktop file on removable media. It does not infect any Macintosh systems beyond OS6. |
| Christmas Tree | | | Worm | 1987-12 | Germany | | |
| CIH | Chernobyl, Spacefiller | Windows 95, 98, Me | | 1998-06 | Taiwan / Taiwan | Chen Ing-hau | Activates on April 26, when it destroys partition tables and tries to overwrite the BIOS. |
| Commwarrior | | Symbian | Bluetooth worm | | | | Famous for being the first worm to spread via MMS and Bluetooth. |
| Creeper | | TENEX operating system | Worm | 1971 | | Bob Thomas | An experimental self-replicating program which gained access via the ARPANET and copied itself to the remote system. |
| Eliza | | DOS | | 1991-12 | | | |
| Elk Cloner | | Apple II | | 1982 | Mt. Lebanon, Pennsylvania / Mt. Lebanon, Pennsylvania | Rich Skrenta | The first virus observed "in the wild" |
| Esperanto | Esperanto.4733 | DOS, MS Windows, Classic Mac OS | | 1997.11 | Spain / Spain | Mister Sandman | First multi-processor virus. The virus is capable of infecting files on computers running Microsoft Windows and DOS on the x86 processor and MacOS, whether they are on a Motorola or PowerPC processor. |
| Fakesysdef | | | | 2010 | | | Trojan targeting the Microsoft Windows operating system. Dispersed as an application called "HDD Defragmenter", a fake system defragmenter. |
| Form | | DOS | | 1990 | Switzerland | | A very common boot virus, triggers on the 18th of any month. |
| Fun | | Windows | | 2008 | | | It registers itself as a Windows system process, then periodically sends mail with spreading attachments as a response to any unopened emails in Outlook Express. |
| Graybird | Backdoor.GrayBird, BackDoor-ARR | Windows | Trojan Horse | 2003-02-04 | | | |
| Hare | | DOS, Windows 95, Windows 98 | | 1996-08 | | | Famous for press coverage which blew its destructiveness out of proportion |
| ILOVEYOU | | Microsoft | Worm | 2000-05-05 | Manila, Philippines | Michael Buen, Onel de Guzman | Computer worm that attacked tens of millions of Windows personal computers |
| INIT 1984 | | Classic Mac OS | | 1992-03-13 | Ireland | | Malicious, triggered on Friday the 13th. Init1984 works on Classic Mac OS System 6 and 7. |
| Jerusalem | | DOS | | 1987-10 | | | Jerusalem was initially very common and spawned a large number of variants. |
| Kama Sutra | Blackworm, Nyxem, and Blackmal | | | 2006-01-16 | | | Designed to destroy common files such as Microsoft Word, Excel, and PowerPoint documents. |
| Koko | | DOS | | 1991-03 | | | The payload of this virus activates on July 29 and February 15 and may erase data on the user's hard drive. |
| Lamer Exterminator | | Amiga | Boot sector virus | 1989-10 | Germany | | Random encryption, fills random sector with "LAMER" |
| MacMag | Drew, Bradow, Aldus, Peace | Classic Mac OS | | 1987-12 | United States | | Products (not necessarily the Classic Mac OS) were infected with the first actual virus. |
| MDEF | Garfield, Top Cat | Classic Mac OS | | 1990-05-15 | Ithaca, New York | | Infects menu definition resource fork files. Mdef infects all Classic Mac OS versions from 4.1 to 6. |
| Melissa | Mailissa, Simpsons, Kwyjibo, Kwejeebo | Microsoft Word | Macro virus | 1999-03-26 | New Jersey | David L. Smith | Part macro virus and part worm. Melissa is an MS Word-based macro that replicates itself through e-mail. |
| Mirai | | Internet of Things | DDoS | 2016 | | | |
| Michelangelo | | DOS | | 1991-02-04 | Australia | | Ran March 6 (Michelangelo's birthday) |
| Mydoom | Novarg, Mimail, Shimgapi | Windows | Worm | 2004-01-26 | World / Russia | | Mydoom was the world's fastest spreading computer worm to date, surpassing Sobig and the ILOVEYOU computer worms, yet it was used to DDoS servers. |
| Navidad | | Windows | Mass-mailer worm | 2000-12 | South America | | |
| Natas | Natas.4740, Natas.4744, Natas.4774, Natas.4988 | DOS | Multipartite, stealth, polymorphic | 1994.06 | Mexico City / United States | Priest (AKA Little Loc) | |
| nVIR | MODM, nCAM, nFLU, kOOL, Hpat, Jude, Mev#, nVIR.B | Classic Mac OS | | 1987-12 | United States | | nVIR has been known to 'hybridize' with different variants of nVIR on the same machine. |
| Oompa | Leap | Mac OSX | Worm | 2006.02.10 | | | First worm for Mac OSX. It propagates through iChat, an instant message client for Macintosh operating systems. Whether Oompa is a worm has been controversial. Some believe it is a trojan. |
| OneHalf | Slovak Bomber, Freelove or Explosion-II | DOS | | 1994 | Slovakia | Vyvojar | It is also known as one of the first viruses to implement a technique of "patchy infection" |
| NoEscape.exe | | Windows | | | | | |
| Ontario.1024, Ontario.2048, Ontario | SBC | DOS | | 1990-07 | Ontario | "Death Angel" | |
| Petya | GoldenEye, NotPetya | Windows | Trojan horse | 2016 | Ukraine / Russia | | Total damages brought about by NotPetya came to more than $10 billion. |
| Pikachu virus | | | | 2000-06-28 | Asia | | The Pikachu virus is believed to be the first computer virus geared at children. |
| Ping-pong | Boot, Bouncing Ball, Bouncing Dot, Italian, Italian-A, VeraCruz | DOS | Boot sector virus | 1988-03 | Turin | | Harmless to most computers |
| RavMonE.exe | RJump.A, Rajump, Jisx | | Worm | 2006-06-20 | | | Once distributed in Apple iPods, but a Windows-only virus |
| SCA | | Amiga | Boot sector virus | 1987-11 | Switzerland | Swiss Cracking Association | Puts a message on screen. Harmless except it might destroy a legitimate non-standard boot block. |
| Scores | Eric, Vult, NASA, San Jose Flu | Classic Mac OS | | 1988.04 | United States / Fort Worth, Texas | Donald D. Burleson | Designed to attack two specific applications which were never released. |
| Scott's Valley | | DOS | | 1990-09 | Scotts Valley, California | | Infected files will contain the seemingly meaningless hex string 5E8BDE909081C63200B912082E. |
| SevenDust | 666, MDEF, 9806, Graphics Accelerator, SevenD, SevenDust.B—G | Classic Mac OS | Polymorphic | 1989-06 | | | |
| Marker | Shankar's Virus, Marker.C, Marker.O, Marker.Q, Marker.X, Marker.AQ, Marker.BN, Marker.BO, Marker.DD, Marker.GR, W97M.Marker | MS Word | Polymorphic, Macro virus | 1999-06-03 | | Sam Rogers | Infects Word Documents |
| Simile | Etap, MetaPHOR | Windows | Polymorphic | | | The Mental Driller | The metamorphic code accounts for around 90% of the virus' code |
| SMEG engine | | DOS | Polymorphic | 1994 | United Kingdom | The Black Baron | Two viruses were created using the engine: Pathogen and Queeg. |
| Stoned | | DOS | Boot sector virus | 1987 | Wellington | | One of the earliest and most prevalent boot sector viruses |
| Jerusalem | Sunday, Jerusalem-113, Jeruspain, Suriv, Sat13, FuManchu | DOS | File virus | 1987-10 | Seattle | | Virus coders created many variants of the virus, making Jerusalem one of the largest families of viruses ever created. It even includes many sub-variants and a few sub-sub-variants. |
| WannaCry | WannaCrypt, WannaCryptor | Windows | Ransomware Cryptoworm | 2017 | World / North Korea | | |
| WDEF | WDEF A | Classic Mac OS | | 1989.12.15 | | | Given the unique nature of the virus, its origin is uncertain. |
| Whale | | DOS | Polymorphic | 1990-07-01 | Hamburg | R Homer | At 9216 bytes, was for its time the largest virus ever discovered. |
| ZMist | ZMistfall, ZombieMistfall | Windows | | 2001 | Russia | Z0mbie | It was the first virus to use a technique known as "code integration". |
| Xafecopy | | Android | Trojan | 2017 | | | |
| Zuc | Zuc.A., Zuc.B, Zuc.C | Classic Mac OS | | 1990.03 | Italy / Italy | | |

Notes and References

  1. Vincentas (11 July 2013). "Computer Viruses in SpyWareLoop.com". Spyware Loop. Archived from the original (dead link) on 21 September 2013: https://web.archive.org/web/20130921054427/http://www.spywareloop.com/news/computer-viruses. Retrieved 28 July 2013.