Comparison of computer viruses

Creating a unified list of computer viruses is challenging due to inconsistent naming conventions. To combat computer viruses and other malicious software, many security advisory organizations and anti-virus software developers compile and publish virus lists. When a new virus appears, the rush begins to identify and understand it as well as develop appropriate counter-measures to stop its propagation. Along the way, a name is attached to the virus. Since anti-virus software compete partly based on how quickly they react to the new threat, they usually study and name the viruses independently. By the time the virus is identified, many names have been used to denote the same virus.

Ambiguity in virus naming arises when a newly identified virus is later found to be a variant of an existing one, often resulting in renaming. For example, the second variation of the Sobig worm was initially called "Palyh" but later renamed "Sobig.b". Again, depending on how quickly this happens, the old name may persist.

Scope

In terms of scope, there are two major variants: the list of "in-the-wild" viruses, which list viruses in active circulation, and lists of all known viruses, which also contain viruses believed not to be in active circulation (also called "zoo viruses"). The sizes are vastly different: in-the-wild lists contain a hundred viruses but full lists contain tens of thousands.

Comparison of viruses and related programs

Virus	Alias(es)	Types	Subtype	Isolation date	Isolation	Origin	Author	Notes
1260	V2Px	DOS	Polymorphic^[1]	1990				First virus family to use polymorphic encryption
4K	4096	DOS		1990-01				The first known MS-DOS-file-infector to use stealth
5lo		DOS		1992-10				Infects .EXE files only
Abraxas	Abraxas5	DOS, Windows 95, 98	^[1]	1993-04	Europe		ARCV group	Infects COM file. Disk directory listing will be set to the system date and time when infection occurred.
Acid	Acid.670, Acid.670a, Avatar.Acid.670, Keeper.Acid.670	DOS, Windows 95, 98		1992			Corp-$MZU	Infects COM file. Disk directory listing will not be altered.
Acme		DOS, Windows 95 DOS		1992				Upon executing infected EXE, this infects another EXE in current directory by making a hidden COM file with same base name.
ABC	ABC-2378, ABC.2378, ABC.2905	DOS		1992-10				ABC causes keystrokes on the compromised machine to be repeated.
Actifed		DOS
Ada		DOS		1991-10		Argentina		The Ada virus mainly targets .COM files, specifically COMMAND.COM.
AGI-Plan	Month 4-6	DOS			Mülheim			AGI-Plan is notable for reappearing in South Africa in what appeared to be an intentional re-release.
AI		DOS
AIDS	AIDSB, Hahaha, Taunt	DOS		1990				AIDS is the first virus known to exploit the DOS "corresponding file" vulnerability.
AIDS II		DOS		circa 1990
Alabama	Alabama.B	DOS		1989-10		Hebrew University, Jerusalem		Files infected by Alabama increase in size by 1,560 bytes.
Alcon^[1]	RSY, Kendesm, Ken&Desmond, Ether	DOS		1997-12				Overwrites random information on disk causing damage over time.
Ambulance		DOS		June 1990
Anna Kournikova		Email VBScript		2001-02-11		Sneek, Netherlands	Jan de Wit	A Dutch court stated that US$166,000 in damages was caused by the worm.
ANTI	ANTI-A, ANTI-ANGE, ANTI-B, Anti-Variant	Classic Mac OS		1989-02	France			The first Mac OS virus not to create additional resources; instead, it patches existing CODE resources.
AntiCMOS		DOS		January 1994 – 1995				Due to a bug in the virus code, the virus fails to erase CMOS information as intended.
ARCV-n		DOS		1992-10/1992-11		England, United Kingdom	ARCV Group	ARCV-n is a term for a large family of viruses written by the ARCV group.
Alureon	TDL-4, TDL-1, TDL-2, TDL-3, TDL-TDSS	Windows	Botnet	2007		Estonia	JD virus
Autostart	Autostart.A—D	Classic Mac OS		1998	Hong Kong	China
Bonzi Buddy	Bomber, CommanderBomber	DOS				Bulgaria		Polymorphic virus which infects systems by inserting fragments of its code randomly into executable files.
Brain	Pakistani flu	DOS	Boot sector virus	1986-01		Lahore, Pakistan	Basit and Amjad Farooq Alvi	Considered to be the first computer virus for the PC
Byte Bandit		Amiga	Boot sector virus	1988-01			Swiss Cracking Association	It was one of the most feared Amiga viruses until the infamous Lamer Exterminator.
CDEF		Classic Mac OS		1990.08		Ithaca, New York		Cdef arrives on a system from an infected Desktop file on removable media. It does not infect any Macintosh systems beyond OS6.
Christmas Tree			Worm	1987-12		Germany
CIH	Chernobyl, Spacefiller	Windows 95, 98, Me		1998-06	Taiwan	Taiwan	Chen ing-Hau	Activates on April 26, in which it destroys partition tables, and tries to overwrite the BIOS.
Commwarrior		Symbian Bluetooth worm						Famous for being the first worm to spread via MMS and Bluetooth.
Creeper		TENEX operating system	Worm	1971			Bob Thomas	An experimental self-replicating program which gained access via the ARPANET and copied itself to the remote system.
Eliza		DOS		1991-12
Elk Cloner		Apple II		1982	Mt. Lebanon, Pennsylvania	Mt. Lebanon, Pennsylvania	Rich Skrenta	The first virus observed "in the wild"
Esperanto	Esperanto.4733	DOS, MS Windows, Classic Mac OS		1997.11	Spain	Spain	Mister Sandman	First multi-processor virus. The virus is capable of infecting files on computers running Microsoft Windows and DOS on the x86 processor and MacOS, whether they are on a Motorola or PowerPC processor.
Fakesysdef				2010				Trojan targeting the Microsoft Windows operating system. Dispersed as an application called "HDD Defragmenter", a fake system defragmenter.
Form		DOS		1990	Switzerland			A very common boot virus, triggers on the 18th of any month.
Fun		Windows		2008				It registers itself as a Windows system process then periodically sends mail with spreading attachments as a response to any unopened emails in Outlook Express
Graybird	Backdoor.GrayBird, BackDoor-ARR	Windows	Trojan Horse	2003-02-04
Hare		DOS, Windows 95, Windows 98		1996-08				Famous for press coverage which blew its destructiveness out of proportion
ILOVEYOU		Microsoft	Worm	2000-05-05		Manila, Philippines	Michael Buen, Onel de Guzman	Computer worm that attacked tens of millions of Windows personal computers
INIT 1984		Classic Mac OS		1992-03-13	Ireland			Malicious, triggered on Friday the 13th. Init1984 works on Classic Mac OS System 6 and 7.
Jerusalem		DOS		1987-10				Jerusalem was initially very common and spawned a large number of variants.
Kama Sutra	Blackworm, Nyxem, and Blackmal			2006-01-16				Designed to destroy common files such as Microsoft Word, Excel, and PowerPoint documents.
Koko		DOS		1991-03				The payload of this virus activates on July 29 and February 15 and may erase data on the users hard drive
Lamer Exterminator		Amiga	Boot sector virus	1989-10		Germany		Random encryption, fills random sector with "LAMER"
MacMag	Drew, Bradow, Aldus, Peace	Classic Mac OS		1987-12		United States		Products (not necessarily the Classic Mac OS) were infected with the first actual virus.
MDEF	Garfield, Top Cat	Classic Mac OS		1990-05-15		Ithaca, New York		Infects menu definition resource fork files. Mdef infects all Classic Mac OS versions from 4.1 to 6.
Melissa	Mailissa, Simpsons, Kwyjibo, Kwejeebo	Microsoft Word macro virus		1999-03-26		New Jersey	David L. Smith	Part macro virus and part worm. Melissa, a MS Word-based macro that replicates itself through e-mail.
Mirai		Internet of Things	DDoS	2016
Michelangelo		DOS		1991-02-04	Australia			Ran March 6 (Michelangelo's birthday)
Mydoom	Novarg, Mimail, Shimgapi	Windows	Worm	2004-01-26	World	Russia		Mydoom was the world's fastest spreading computer worm to date, surpassing Sobig, and the ILOVEYOU computer worms, yet it was used to DDoS servers.
Navidad		Windows	Mass-mailer worm	2000-12		South America
Natas	Natas.4740, Natas.4744, Natas.4774, Natas.4988	DOS	Multipartite, stealth, polymorphic	1994.06	Mexico City	United States	Priest (AKA Little Loc)
nVIR	MODM, nCAM, nFLU, kOOL, Hpat, Jude, Mev#, nVIR.B	Classic Mac OS		1987-12		United States		nVIR has been known to 'hybridize' with different variants of nVIR on the same machine.
Oompa	Leap	Mac OSX	Worm	2006.02.10				First worm for Mac OSX. It propagates through iChat, an instant message client for Macintosh operating systems. Whether Oompa is a worm has been controversial. Some believe it is a trojan.
OneHalf	Slovak Bomber, Freelove or Explosion-II	DOS		1994		Slovakia	Vyvojar	It is also known as one of the first viruses to implement a technique of "patchy infection"
NoEscape.exe		Windows
Ontario.1024
Ontario.2048
Ontario	SBC	DOS		1990-07		Ontario	"Death Angel"
Petya	GoldenEye, NotPetya	Windows	Trojan horse	2016	Ukraine	Russia		Total damages brought about by NotPetya to more than $10 billion.
Pikachu virus				2000-06-28		Asia		The Pikachu virus is believed to be the first computer virus geared at children.
Ping-pong	Boot, Bouncing Ball, Bouncing Dot, Italian, Italian-A, VeraCruz	DOS	Boot sector virus	1988-03		Turin		Harmless to most computers
RavMonE.exe	RJump.A, Rajump, Jisx	Worm		2006-06-20				Once distributed in Apple iPods, but a Windows-only virus
SCA		Amiga	Boot sector virus	1987-11		Switzerland	Swiss Cracking Association	Puts a message on screen. Harmless except it might destroy a legitimate non-standard boot block.
Scores	Eric, Vult, NASA, San Jose Flu	Classic Mac OS		1988.04	United States	Fort Worth, Texas	Donald D. Burleson	Designed to attack two specific applications which were never released.
Scott's Valley		DOS		1990-09	Scotts Valley, California			Infected files will contain the seemingly meaningless hex string 5E8BDE909081C63200B912082E.
SevenDust	666, MDEF, 9806, Graphics Accelerator, SevenD, SevenDust.B—G	Classic Mac OS	Polymorphic	1989-06
Marker	Shankar's Virus, Marker.C, Marker.O, Marker.Q, Marker.X, Marker.AQ, Marker.BN, Marker.BO, Marker.DD, Marker.GR, W97M.Marker	MS Word	Polymorphic, Macro virus	1999-06-03			Sam Rogers	Infects Word Documents
Simile	Etap, MetaPHOR	Windows	Polymorphic				The Mental Driller	The metamorphic code accounts for around 90% of the virus' code
SMEG engine		DOS	Polymorphic	1994		United Kingdom	The Black Baron	Two viruses were created using the engine: Pathogen and Queeg.
Stoned		DOS	Boot sector virus	1987	Wellington			One of the earliest and most prevalent boot sector viruses
Jerusalem	Sunday, Jerusalem-113, Jeruspain, Suriv, Sat13, FuManchu	DOS	File virus	1987-10	Seattle			Virus coders created many variants of the virus, making Jerusalem one of the largest families of viruses ever created. It even includes many sub-variants and a few sub-sub-variants.
WannaCry	WannaCrypt, WannaCryptor	Windows	Ransomware Cryptoworm	2017	World	North Korea
WDEF	WDEF A	Classic Mac OS		1989.12.15				Given the unique nature of the virus, its origin is uncertain.
Whale		DOS	Polymorphic	1990-07-01		Hamburg	R Homer	At 9216 bytes, was for its time the largest virus ever discovered.
ZMist	ZMistfall, Zombie.Mistfall	Windows		2001		Russia	Z0mbie	It was the first virus to use a technique known as "code integration".
Xafecopy		Android	Trojan	2017
Zuc	Zuc.A., Zuc.B, Zuc.C	Classic Mac OS		1990.03	Italy	Italy

Related lists

Unusual subtypes

Notable instances

Conficker
Creeper virus - The first malware that ran on ARPANET
ILOVEYOU
Leap - Mac OS X Trojan horse
Shamoon a wiper virus with stolen digital certificates destroyed over 35,000 computers owned by Saudi Aramco.
Storm Worm - A Windows trojan horse that forms the Storm botnet
Stuxnet First destructive ICS-targeting Trojan which destroyed part of Iran's nuclear program. The virus destroyed the centrifuge components making it impossible to enrich uranium to weapons grade.

Similar software

Security topics

References

^ ^a ^b ^c Vincentas (11 July 2013). "Computer Viruses in SpyWareLoop.com". Spyware Loop. Archived from the original on 21 September 2013. Retrieved 28 July 2013.

External links

The WildList, by WildList Organization International
List of Computer Viruses - listing of the Latest Viruses by Symantec.
List of all viruses All viruses cataloged in Panda Security's Collective Intelligence servers.

Conclusion

Due to the continuous evolution of computer viruses and malware, virus naming conventions and classifications will continue to present challenges, making standardized virus databases essential for global cybersecurity.