Comparison of computer viruses

From HandWiki
Short description: none

The compilation of a unified list of computer viruses is made difficult because of naming. To aid the fight against computer viruses and other types of malicious software, many security advisory organizations and developers of anti-virus software compile and publish lists of viruses. When a new virus appears, the rush begins to identify and understand it as well as develop appropriate counter-measures to stop its propagation. Along the way, a name is attached to the virus. As the developers of anti-virus software compete partly based on how quickly they react to the new threat, they usually study and name the viruses independently. By the time the virus is identified, many names denote the same virus.

Another source of ambiguity in names is that sometimes a virus initially identified as a completely new virus is found to be a variation of an earlier known virus, in which cases, it is often renamed. For example, the second variation of the Sobig worm was initially called "Palyh" but later renamed "Sobig.b". Again, depending on how quickly this happens, the old name may persist.

Scope

In terms of scope, there are two major variants: the list of "in-the-wild" viruses, which list viruses in active circulation, and lists of all known viruses, which also contain viruses believed not to be in active circulation (also called "zoo viruses"). The sizes are vastly different: in-the-wild lists contain a hundred viruses but full lists contain tens of thousands.

Comparison of viruses and related programs

Virus Alias(es) Types Subtype Isolation Date Isolation Origin Author Notes
1260 V2Px DOS Polymorphic[1] 1990 First virus family to use polymorphic encryption
4K 4096 DOS 1990-01 The first known MS-DOS-file-infector to use stealth
5lo DOS 1992-10 Infects .EXE files only
Abraxas Abraxas5 DOS,
Windows 95, 98
[1] 1993-04 Europe ARCV group Infects COM file. Disk directory listing will be set to the system date and time when infection occurred.
Acid Acid.670, Acid.670a, Avatar.Acid.670, Keeper.Acid.670 DOS,
Windows 95, 98
1992 Corp-$MZU Infects COM file. Disk directory listing will not be altered.
Acme DOS,
Windows 95 DOS
1992 Upon executing infected EXE, this infects another EXE in current directory by making a hidden COM file with same base name.
ABC ABC-2378, ABC.2378, ABC.2905 DOS 1992-10 ABC causes keystrokes on the compromised machine to be repeated.
Actifed DOS
Ada DOS 1991-10 Argentina The Ada virus mainly targets .COM files, specifically COMMAND.COM.
AGI-Plan Month 4-6 DOS Mülheim AGI-Plan is notable for reappearing in South Africa in what appeared to be an intentional re-release.
AI DOS
AIDS AIDSB, Hahaha, Taunt DOS 1990 AIDS is the first virus known to exploit the DOS "corresponding file" vulnerability.
AIDS II DOS circa 1990
Alabama Alabama.B DOS 1989-10 Hebrew University, Jerusalem Files infected by Alabama increase in size by 1,560 bytes.
Alcon[1] RSY, Kendesm, Ken&Desmond, Ether DOS 1997-12 Overwrites random information on disk causing damage over time.
Ambulance DOS June,1990
Anna Kournikova Email
VBScript
2001-02-11 Sneek, Netherlands Jan de Wit A Dutch court stated that US$166,000 in damages was caused by the worm.
ANTI ANTI-A, ANTI-ANGE, ANTI-B, Anti-Variant Classic Mac OS 1989-02 France The first Mac OS virus not to create additional resources; instead, it patches existing CODE resources.
AntiCMOS DOS January 1994 – 1995 Due to a bug in the virus code, the virus fails to erase CMOS information as intended.
ARCV-n DOS 1992-10/1992-11 England , United Kingdom ARCV Group ARCV-n is a term for a large family of viruses written by the ARCV group.
Alureon TDL-4, TDL-1, TDL-2, TDL-3, TDL-TDSS Windows Botnet 2007 Estonia JD virus
Autostart Autostart.A—D Classic Mac OS 1998 Hong Kong China
Bomber CommanderBomber DOS Bulgaria Polymorphic virus which infects systems by inserting fragments of its code randomly into executable files.
Brain Pakistani flu DOS Boot sector virus 1986-01 Lahore, Pakistan Basit and Amjad Farooq Alvi Considered to be the first computer virus for the PC
Byte Bandit Amiga Boot sector virus 1988-01 Swiss Cracking Association It was one of the most feared Amiga viruses until the infamous Lamer Exterminator.
CDEF Classic Mac OS 1990.08 Ithaca, New York Cdef arrives on a system from an infected Desktop file on removable media. It does not infect any Macintosh systems beyond OS6.
Christmas Tree Worm 1987-12 Germany
CIH Chernobyl, Spacefiller Windows 95, 98, Me 1998-06 Taiwan Taiwan Chen ing-Hau Activates on April 26, in which it destroys partition tables, and tries to overwrite the BIOS.
Commwarrior Symbian Bluetooth worm Famous for being the first worm to spread via MMS and Bluetooth.
Creeper TENEX operating system Worm 1971 Bob Thomas An experimental self-replicating program which gained access via the ARPANET and copied itself to the remote system.
Eliza DOS 1991-12
Elk Cloner Apple II 1982 Mt. Lebanon, Pennsylvania Mt. Lebanon, Pennsylvania Rich Skrenta The first virus observed "in the wild"
Esperanto Esperanto.4733 DOS, MS Windows, Classic Mac OS 1997.11 Spain Spain Mister Sandman First multi-processor virus. The virus is capable of infecting files on computers running Microsoft Windows and DOS on the x86 processor and MacOS, whether they are on a Motorola or PowerPC processor.
Fakesysdef 2010 Trojan targeting the Microsoft Windows operating system. Dispersed as an application called "HDD Defragmenter", a fake system defragmenter.
Form DOS 1990 Switzerland A very common boot virus, triggers on the 18th of any month.
Fun Windows 2008 It registers itself as a Windows system process then periodically sends mail with spreading attachments as a response to any unopened emails in Outlook Express
Graybird Backdoor.GrayBird, BackDoor-ARR Windows Trojan Horse 2003-02-04
Hare DOS,
Windows 95, Windows 98
1996-08 Famous for press coverage which blew its destructiveness out of proportion
ILOVEYOU Microsoft Worm 2000-05-05 Manila, Philippines Michael Buen, Onel de Guzman Computer worm that attacked tens of millions of Windows personal computers
INIT 1984 Classic Mac OS 1992-03-13 Ireland Malicious, triggered on Friday the 13th. Init1984 works on Classic Mac OS System 6 and 7.
Jerusalem DOS 1987-10 Jerusalem was initially very common and spawned a large number of variants.
Kama Sutra Blackworm, Nyxem, and Blackmal 2006-01-16 Designed to destroy common files such as Microsoft Word, Excel, and PowerPoint documents.
Koko DOS 1991-03 The payload of this virus activates on July 29 and February 15 and may erase data on the users hard drive
Lamer Exterminator Amiga Boot sector virus 1989-10 Germany Random encryption, fills random sector with "LAMER"
MacMag Drew, Bradow, Aldus, Peace Classic Mac OS 1987-12 United States Products (not necessarily the Classic Mac OS) were infected with the first actual virus.
MDEF Garfield, Top Cat Classic Mac OS 1990-05-15
Ithaca, New York Infects menu definition resource fork files. Mdef infects all Classic Mac OS versions from 4.1 to 6.
Melissa Mailissa, Simpsons, Kwyjibo, Kwejeebo Microsoft Word macro virus 1999-03-26 New Jersey David L. Smith Part macro virus and part worm. Melissa, a MS Word-based macro that replicates itself through e-mail.
Mirai Internet of Things DDoS 2016
Michelangelo DOS 1991-02-04 Australia Ran March 6 (Michelangelo's birthday)
Mydoom Novarg, Mimail, Shimgapi Windows Worm 2004-01-26 World Russia Mydoom was the world's fastest spreading computer worm to date, surpassing Sobig, and the ILOVEYOU computer worms, yet it was used to DDoS servers.
Navidad Windows Mass-mailer worm 2000-12 South America
Natas Natas.4740, Natas.4744, Natas.4774, Natas.4988 DOS Multipartite, stealth, polymorphic 1994.06 Mexico City United States Priest (AKA Little Loc)
nVIR MODM, nCAM, nFLU, kOOL, Hpat, Jude, Mev#, nVIR.B Classic Mac OS 1987-12 United States nVIR has been known to 'hybridize' with different variants of nVIR on the same machine.
Oompa Leap Mac OSX Worm 2006.02.10 First worm for Mac OSX. It propagates through iChat, an instant message client for Macintosh operating systems. Whether Oompa is a worm has been controversial. Some believe it is a trojan.
OneHalf Slovak Bomber, Freelove or Explosion-II DOS 1994 Slovakia Vyvojar It is also known as one of the first viruses to implement a technique of "patchy infection"
NoEscape.exe Windows
Ontario.1024
Ontario.2048
Ontario SBC DOS 1990-07 Ontario "Death Angel"
Petya GoldenEye, NotPetya Windows Trojan horse 2016 Ukraine Russia Total damages brought about by NotPetya to more than $10 billion.
Pikachu virus 2000-06-28 Asia The Pikachu virus is believed to be the first computer virus geared at children.
Ping-pong Boot, Bouncing Ball, Bouncing Dot, Italian, Italian-A, VeraCruz DOS Boot sector virus 1988-03 Turin Harmless to most computers
RavMonE.exe RJump.A, Rajump, Jisx Worm 2006-06-20 Once distributed in Apple iPods, but a Windows-only virus
SCA Amiga Boot sector virus 1987-11 Switzerland Swiss Cracking Association Puts a message on screen. Harmless except it might destroy a legitimate non-standard boot block.
Scores Eric, Vult, NASA, San Jose Flu Classic Mac OS 1988.04 United States Fort Worth, Texas Donald D. Burleson Designed to attack two specific applications which were never released.
Scott's Valley DOS 1990-09 Scotts Valley, California Infected files will contain the seemingly meaningless hex string 5E8BDE909081C63200B912082E.
SevenDust 666, MDEF, 9806, Graphics Accelerator, SevenD, SevenDust.B—G Classic Mac OS Polymorphic 1989-06
Marker Shankar's Virus, Marker.C, Marker.O, Marker.Q, Marker.X, Marker.AQ, Marker.BN, Marker.BO, Marker.DD, Marker.GR, W97M.Marker MS Word Polymorphic, Macro virus 1999-06-03 Sam Rogers Infects Word Documents
Simile Etap, MetaPHOR Windows Polymorphic The Mental Driller The metamorphic code accounts for around 90% of the virus' code
SMEG engine DOS Polymorphic 1994 United Kingdom The Black Baron Two viruses were created using the engine: Pathogen and Queeg.
Stoned DOS Boot sector virus 1987 Wellington One of the earliest and most prevalent boot sector viruses
Jerusalem Sunday, Jerusalem-113, Jeruspain, Suriv, Sat13, FuManchu DOS File virus 1987-10 Seattle Virus coders created many variants of the virus, making Jerusalem one of the largest families of viruses ever created. It even includes many sub-variants and a few sub-sub-variants.
WannaCry WannaCrypt, WannaCryptor Windows Ransomware Cryptoworm 2017 World North Korea
WDEF WDEF A Classic Mac OS 1989.12.15 Given the unique nature of the virus, its origin is uncertain.
Whale DOS Polymorphic 1990-07-01 Hamburg R Homer At 9216 bytes, was for its time the largest virus ever discovered.
ZMist ZMistfall, Zombie Mistfall Windows 2001 Russia Z0mbie It was the first virus to use a technique known as "code integration".
Xafecopy Android Trojan 2017
Zuc Zuc.A., Zuc.B, Zuc.C Classic Mac OS 1990.03 Italy Italy

Related lists

Unusual subtypes

Notable instances

  • Conficker
  • Creeper virus - The first malware that ran on ARPANET
  • ILOVEYOU
  • Leap - Mac OS X Trojan horse
  • Shamoon a wiper virus with stolen digital certificates destroyed over 35,000 computers owned by Saudi Aramco.
  • Storm Worm - A Windows trojan horse that forms the Storm botnet
  • Stuxnet First destructive ICS-targeting Trojan which destroyed part of Iran's nuclear program. The virus destroyed the centrifuge components making it impossible to enrich uranium to weapons grade.

Similar software

Security topics

See also

References

External links