Before WannaCry: 5 Nasty Computer Worms That Spread Quickly And Caused Big Time Damage

Worms! Gross!

The world hasn't heard too much about computer worms in recent years, at least not ones that go after the general populace and businesses. (Stuxnet, of course, was a worm targeted at industrial plants). The arrival of the WannaCry attack, however, combines a computer worm with ransomware to create an unusually fast-spreading and debilitating attack.

"WannaCry is different from anything we've ever seen before in that it's a union of the old and new," said Haiyan Song, senior vice president of security markets at Splunk, in an email to CRN. "When you combine WannaCry ransomware and a worm this powerful, there's no surprise the result is a global attack."

Compared to other ransomware attacks, WannaCry "is differentiated by a worm that spreads the ransomware as quickly as possible to as many machines as possible," cybersecurity firm CyberArk wrote on its blog.

But how does WannaCry stack up against previous computer worms? In the following slides, we share details on five other serious computer worms that've struck the globe since the start of the 21st century.


In 2008 and 2009, the Conficker worm infected at least 9 million – and possibly as many as 15 million – computers worldwide. The worm exploited a Windows flaw and propagated quickly through users' unpatched Windows operating systems. Conficker relied upon a variety of attack vectors – ranging from brute-force password guessing to hitching rides on USB sticks – as ways to replicate and spread through networks.


In 2000, the ILOVEYOU worm spread to as many as 45 million computers and caused upwards of $10 billion in damages. Its method of spread — an email with "ILOVEYOU" as the subject line — was an early example of social engineering. The email contained an attachment that, when opened, would erase certain computer files and re-send the message to address book contacts.


In 2003, the Sobig worm had several variants, most notably Sobig.F, and spread to millions of Windows computers. The worm temporarily halted rail traffic in Washington, D.C., and Air Canada flights. Sobig spread by email; once one of the worm's emails was opened, it would scan the computer for addresses and send out massive volumes of emails to those addresses.


An early example of malware via the Web, the Nimda worm slowed down Internet traffic in 2001 (initially appearing a week after the Sept. 11 attacks). Nimda spread in part by modifying .htm, .html and .asp pages. The worm also propagated via email attachments and by exploiting vulnerabilities in Microsoft Internet Information Server (IIS).


Another fast-spreading email worm was 2004's MyDoom, which caused damages as high as $250 million. Through an opened email attachment, MyDoom infected Windows computers and used the computers to send junk email. The worm also installed a Trojan on infected computers and used the computers to cripple the website of a software company, The SCO Group, with a denial-of-service attack.