Computer Virus Information Library
Computer Viruses and Other Malware
Welcome to the Computer Virus Information Library, your comprehensive resource for understanding the evolution of malware and enhancing your cybersecurity knowledge. This page offers detailed insights into a wide array of computer viruses, worms, spyware, Trojans, and ransomware that have significantly impacted the digital landscape of the world. Each entry delves into the unique characteristics, historical significance, and the damage inflicted by these malicious programs. Additionally, we provide essential cybersecurity tips and preventive measures to help you safeguard your systems against potential threats. Explore the entries below to deepen your understanding of these digital adversaries and learn how to protect yourself in an ever-evolving cyber world.
Below is an interactive table of notable computer viruses and malware throughout history. You can sort the table by virus name, year, type, or platform. You can also search the table by name, or filter through descriptions to explore threats that shaped cybersecurity.
| Malware Name | Year | Malware Type | Platform | Description |
|---|---|---|---|---|
| 8Base | 2022 | Ransomware | Windows | A fast-acting strain of ransomware known for its targeted attacks on industries such as healthcare and education. Using encryption and data exfiltration, it pressures victims into paying substantial ransoms. |
| Adload | 2017 | Adware | macOS | Adload is a persistent macOS adware family that hijacks browsers, injects ads, and installs unwanted programs. It uses LaunchAgents, configuration profiles, and evasion techniques to resist removal. |
| AIDS | 1989 | Trojan | MS-DOS | The AIDS Trojan, also known as the PC Cyborg Virus, was the first known ransomware, distributed via floppy disks in 1989 to extort money from victims by locking access to their computers. Learn how the AIDS Trojan operated, its historical significance in the evolution of ransomware, and how it introduced extortion to the digital world. |
| Alien | 2020 | Loader | Android | Alien is an Android malware loader that installs and supports more advanced payloads, including banking Trojans and spyware like Predator. It acts as both a credential stealer and a delivery mechanism for secondary malware, often spreading through fake apps and phishing schemes. |
| Amadey | 2018 | Botnet | Windows | Amadey is a modular Windows malware that functions as a trojan bot, infostealer, and malware loader, enabling attackers to deploy additional payloads and harvest system data. Active since 2018, it operates as part of a botnet, allowing centralized control over infected devices. |
| Anatsa | 2020 | Trojan | Android | Anatsa is a sophisticated Android banking Trojan that combines credential theft, keylogging, screen recording, and remote access to perform real-time fraud. It targets banking apps across Europe and the U.S., using accessibility abuse and fake app distribution to infect devices. |
| Anna Kournikova | 2001 | Worm | Windows | Also known as the "VBS/SST" virus, Anna Kournikova spread via email, luring users with an attachment claiming to be a photo of the famous tennis player. When opened, it emailed itself to all contacts in the user’s address book. This virus highlighted the dangers of social engineering. |
| AntiEXE | 1994 | Boot Sector Virus | MS-DOS | AntiEXE is an early boot sector computer virus that infects the Master Boot Record (MBR) or boot sectors of floppy disks and hard drives, preventing executable files from running properly. Learn how AntiEXE operates, its methods of infection, and its impact on early computer systems. |
| Avaddon | 2019 | Ransomware | Windows | A ransomware strain known for encrypting files and exfiltrating data, threatening victims with double extortion tactics. Learn how Avaddon operated, its global impact on businesses, and the 2021 takedown that led to the release of decryption keys. |
| Banshee | 2024 | Stealer | macOS | Banshee is a macOS stealer malware designed to exfiltrate sensitive data, including credentials, browser information, and system details. It is part of a growing trend of macOS-targeted malware and is typically distributed through fake or trojanized applications. |
| BitPaymer | 2017 | Ransomware | Windows | BitPaymer is a highly targeted ransomware strain known for attacking large organizations and demanding high-value ransom payments. Learn how BitPaymer operates, its impact on businesses, and how to protect against this sophisticated ransomware threat. |
| BlackCat | 2021 | Ransomware | Windows, Linux | BlackCat ransomware, also known as ALPHV, is a sophisticated strain written in the Rust programming language for cross-platform compatibility. It specializes in targeted attacks using customizable encryption and double extortion to pressure victims. |
| Cerber | 2016 | Ransomware | Windows | A highly sophisticated ransomware first discovered in 2016, known for encrypting victims’ files and demanding payment in cryptocurrency, while using advanced evasion techniques and offering ransomware-as-a-service (RaaS) to affiliates. Learn how Cerber operated, its impact on individuals and organizations worldwide, and its role in the rise of RaaS in the cybercrime ecosystem. |
| Cerberus | 2019 | Trojan | Android | Cerberus is a powerful Android banking Trojan that steals login credentials, intercepts SMS messages, and uses screen overlays to hijack financial apps. Originally sold as malware-as-a-service, Cerberus leaked publicly in 2020 and continues to resurface in modified forms. |
| Cl0p | 2019 | Ransomware | Windows | Cl0p ransomware is a notorious malware strain known for targeting large organizations with encryption and double extortion tactics. It gained widespread attention for exploiting vulnerabilities like those in the MOVEit software to compromise sensitive data. |
| CloudMensis | 2022 | Spyware | macOS | CloudMensis is a macOS spyware that uses cloud storage services to exfiltrate stolen data and receive commands. Discovered in 2022, it targets Apple users for surveillance and data theft through sophisticated, staged attacks. |
| Code Red | 2001 | Worm | Windows | Code Red is a notorious computer worm that exploited vulnerabilities in Microsoft IIS web servers in 2001, causing widespread denial-of-service (DoS) attacks and website defacements. Learn how Code Red spread rapidly across the internet, its impact on global networks, and how it influenced cybersecurity practices. |
| Conficker (Downadup) | 2008 | Worm | Windows | One of the most widespread and sophisticated computer worms, Conficker exploited a Windows vulnerability, creating one of the largest botnets ever seen. It infected government, military, and personal computers, but its exact purpose remains largely unknown. |
| Conti | 2020 | Ransomware | Windows | Conti ransomware is a destructive malware operated by a sophisticated cybercriminal group, leveraging rapid encryption and data theft to extort victims. It has been linked to high-profile attacks on critical infrastructure and healthcare systems. |
| CoolWebSearch | 2003 | Spyware | Windows | CoolWebSearch is a spyware and browser hijacker that redirects users to malicious search pages, installs toolbars, and tracks browsing activity. It was infamous in the early 2000s for its resilience, difficult removal, and aggressive behavior on Windows systems. |
| CovidLock | 2020 | Ransomware | Android | CovidLock is a mobile ransomware that exploited public fear during the COVID-19 pandemic by locking Android devices and demanding ransom payments to unlock them. Learn how CovidLock spread through fake coronavirus tracking apps and how to protect mobile devices from similar ransomware threats. |
| Cridex | 2011 | Trojan | Windows | Cridex, also known as Bugat or Feodo, is a banking Trojan designed to steal online banking credentials and facilitate financial fraud. Learn how Cridex works, its role in cybercrime history, and how to protect against similar banking malware. |
| CryptoLocker | 2013 | Ransomware | Windows | CryptoLocker was one of the earliest and most infamous ransomware strains, encrypting victims' files and demanding payment for decryption. Learn about its methods, impact, and how it changed the ransomware landscape. |
| DarkComet | 2008 | Trojan | Windows | DarkComet is a Windows-based remote access Trojan (RAT) that allows attackers to spy on victims, steal data, and control infected systems remotely. Though development stopped in 2012, it remains in circulation today due to leaked source code and ease of use. |
| DarkSide | 2020 | Ransomware | Windows | This ransomware emerged in 2020 as a ransomware-as-a-service (RaaS) operation, known for its double extortion tactics, encrypting files and threatening to leak stolen data. Learn how DarkSide targeted high-profile organizations, including the Colonial Pipeline, and its role in the evolution of ransomware attacks. |
| DoppelPaymer | 2019 | Ransomware | Windows | DoppelPaymer is a highly targeted ransomware variant known for encrypting critical data and leveraging double extortion tactics, including data theft and public exposure threats. Learn how DoppelPaymer operates, its impact on businesses and government entities, and how to protect against it. |
| DoublePulsar | 2017 | Backdoor | Windows | DoublePulsar is a Windows backdoor implant used to remotely execute code on compromised systems. It was deployed after exploitation by the EternalBlue SMB vulnerability and later became widely associated with WannaCry ransomware. |
| Dridex | 2014 | Trojan | Windows | Dridex is a sophisticated banking Trojan designed to steal online banking credentials, facilitating financial theft and fraud. Learn how Dridex works, its methods of infection, and how to protect against this dangerous malware. |
| Egregor | 2020 | Ransomware | Windows | Egregor is a ransomware strain known for encrypting victims’ data and using double extortion tactics by leaking stolen information if the ransom is not paid. Learn how Egregor targeted businesses worldwide, its links to previous ransomware groups, and best practices to defend against this aggressive malware. |
| Elk Cloner | 1982 | Boot Sector Virus | Apple II | Elk Cloner is the first known virus to spread “in the wild” on personal computers, specifically targeting Apple II systems via infected floppy disks. Written in 1982 as a prank, it laid the groundwork for future viruses by demonstrating how self-replicating code could propagate outside controlled environments. |
| Elkern | 2002 | Virus | Windows | Elkern is a Windows file-infecting virus that corrupts executable files and was most often delivered as a payload by variants of the Klez worm. It spreads by attaching itself to .exe files and disabling security tools, leading to system instability and data loss. |
| Emotet | 2014 | Trojan | Windows | Emotet is a highly sophisticated banking Trojan that evolved into a powerful malware delivery platform. Learn how Emotet spreads, its impact, and how to protect your systems. |
| EvilQuest | 2020 | Ransomware | macOS | EvilQuest is a macOS ransomware disguised as pirated software that encrypts files and installs spyware to monitor and steal user data. It combines file locking with keylogging and backdoor access, making it unusually aggressive for Mac-targeted malware. |
| FakeAV (Fake Antivirus) | 2000 | Scareware | Windows | FakeAV, also known as rogue security software or scareware, tricks users into believing their systems are infected and pressures them into purchasing fraudulent antivirus programs. Learn how FakeAV operates, its social engineering tactics, and how to protect against this widespread scam. |
| FinFisher | mid 2000s | Spyware | Windows, macOS, Linux, Android, iOS | FinFisher, also known as FinSpy, is a commercial spyware suite used by governments and law enforcement for surveillance and data exfiltration. It captures keystrokes, intercepts communications, and is often delivered through phishing or software exploits. |
| Fireball Adware | 2017 | Adware | Windows | Fireball is a widespread adware campaign that hijacks web browsers to generate fraudulent ad revenue and can potentially download malicious files. Learn how Fireball works, its global impact, and how to protect your systems from similar threats. |
| Flashback | 2011 | Trojan | macOS | Flashback is a notorious Mac malware first discovered in 2011, which infected over 600,000 Apple computers by exploiting Java vulnerabilities and tricking users with fake Flash Player installers. Learn how Flashback created one of the largest Mac botnets in history and how it changed the landscape of Mac cybersecurity. |
| FlexiSPY | mid 2000s | Spyware | Android, iOS | FlexiSPY is commercial spyware that monitors calls, messages, GPS, and app activity on Android and iOS devices. Often marketed for parental or employee monitoring, it’s widely abused for stalkerware and unauthorized surveillance. |
| FluBot | 2020 | Trojan | Android | FluBot is an Android banking trojan that spread aggressively via SMS, tricking users into installing malware disguised as delivery tracking apps. It stole credentials, SMS messages, and contact lists while propagating itself to new victims through text messages. |
| FormBook | 2016 | Stealer | Windows | FormBook is a Windows info-stealer that captures keystrokes, extracts credentials, and takes screenshots. Sold as malware-as-a-service, it’s widely used in phishing campaigns and often delivered through malicious email attachments. |
| Fruitfly | 2017 | Spyware | macOS | Fruitfly is a macOS malware used for covert surveillance, enabling attackers to capture keystrokes, screenshots, and webcam activity. Discovered in 2017 but active for years before, it targeted individuals and institutions through stealthy, long-term spying. |
| Gafgyt | 2014 | Botnet | Linux | Gafgyt is a Linux-based malware that turns routers and IoT devices into bots for launching distributed denial-of-service (DDoS) attacks. It spreads through brute-force login attempts and exploits against poorly secured connected devices. |
| Gameover Zeus | 2011 | Botnet | Windows | Gameover Zeus was a powerful peer-to-peer botnet primarily used for banking credential theft and distributing ransomware like CryptoLocker. Learn how it worked, its global impact, and how it was eventually taken down. |
| GPCoder | 2005 | Ransomware | Windows | GPCoder is an early ransomware strain that encrypts files on infected systems and demands ransom payments for decryption. Learn how GPCoder operates, its historical significance in ransomware evolution, and how to protect against similar threats. |
| Here You Have | 2010 | Worm | Windows | This email-based worm spread with the subject “Here you have” and contained a malicious link masquerading as a PDF file. It caused considerable damage, particularly within large organizations, as it quickly replicated through email contacts. |
| Hermit | 2022 | Spyware | Android, iOS | Hermit is a commercial spyware platform targeting Android and iOS devices, used for surveillance through zero-day exploits and fake app delivery. It gives attackers full access to messages, calls, cameras, and device data. |
| Hive | 2021 | Ransomware | Windows | Hive ransomware is a ransomware-as-a-service (RaaS) platform that aggressively targets healthcare, energy, and education sectors. Using double extortion tactics, Hive exfiltrates and encrypts data, demanding payment under the threat of publicizing sensitive information. |
| IceXLoader | 2022 | Loader, Stealer | Windows | IceXLoader is a Windows-based malware loader that delivers additional payloads while also stealing sensitive user data. Sold as malware-as-a-service (MaaS), it spreads via phishing and cracked software, targeting individuals and businesses alike. |
| ILOVEYOU | 2000 | Worm | Windows | The ILOVEYOU virus is one of the most devastating computer worms in history, released in 2000, spreading via email with a love letter-themed attachment that, once opened, overwrote files and sent itself to all contacts in the victim's address book. Learn how ILOVEYOU exploited social engineering, its massive global impact, and its legacy in cybersecurity awareness and email protection. |
| Invisible Keylogger Stealth | 2001 | Spyware | Windows | Invisible Keylogger Stealth is commercial surveillance software that secretly records keystrokes, passwords, emails, and application activity on Windows systems. It runs in the background with no visible interface, making it ideal for unauthorized monitoring and abuse. |
| Kinsing | 2020 | Cryptominer | Linux | A Linux malware that targets misconfigured cloud services and containers to deploy crypto-miners. It spreads through exposed ports and exploits, leaving systems slow, compromised, and monetized for attackers. |
| Klez | 2001 | Worm | Windows | Klez is a highly polymorphic Windows email worm that spread rapidly in 2001–2002 by exploiting vulnerabilities in Microsoft Outlook and Internet Explorer. It spoofed email senders, disabled antivirus software, and delivered a range of destructive and non-destructive payloads. |
| Kovter | 2013 | Trojan | Windows | Kovter is a stealthy Windows malware known for its fileless persistence and use in click fraud, ransomware, and data theft campaigns. It hides in the Windows registry, making detection and removal difficult. |
| LemonDuck | 2019 | Worm | Linux, Windows | LemonDuck is a cross-platform worm that spreads through email, exploits, and brute force attacks to install cryptominers, steal data, and deliver malware. It targets both Windows and Linux systems and is known for its aggressive propagation and persistence mechanisms. |
| LockBit | 2019 | Ransomware | Windows | LockBit ransomware is a highly advanced strain that employs a ransomware-as-a-service (RaaS) model to target businesses worldwide. Known for its speed and evasion techniques, it uses double extortion to maximize the impact on victims. |
| LockerPin | 2014 | Ransomware | Android | LockerPin is a mobile ransomware targeting Android devices by resetting the device’s PIN code and locking users out until a ransom is paid. Learn how LockerPin exploited device administrator rights, its impact on mobile security, and how to remove it without paying the ransom. |
| Locky | 2016 | Ransomware | Windows | Locky is a notorious ransomware strain first discovered in 2016, known for encrypting victims' files and demanding Bitcoin payments for decryption. Learn how Locky works, its widespread impact during its peak, and how to protect systems against similar ransomware threats. |
| LummaC2 | 2022 | Stealer | Windows | LummaC2 is a malware-as-a-service info-stealer that targets Windows systems to extract credentials, browser data, and crypto wallets. It spreads through phishing and malicious downloads, and has been active since 2022. |
| MacStealer | 2023 | Stealer | macOS | MacStealer is an info-stealer malware designed to harvest passwords, cookies, and cryptocurrency wallet data from macOS systems. First identified in 2023, it spreads via fake app installers and targets macOS versions running Intel and Apple Silicon chips. |
| Maze | 2019 | Ransomware | Windows | Maze ransomware pioneered the double extortion tactic by encrypting victims’ data and threatening to publish stolen information unless the ransom was paid. Learn how Maze operated, its impact on global organizations, and how it shaped modern ransomware attacks. |
| Medusa | 2024 | Ransomware | Windows | Medusa ransomware emerged in 2024, targeting critical sectors with sophisticated encryption and extortion methods. Its operators leverage double extortion to maximize pressure on victims, threatening to publish sensitive data. |
| Melissa | 1999 | Macro Virus | Windows | One of the first major email-based viruses, Melissa spread through infected Microsoft Word documents. It infected computers by sending itself to the first 50 contacts in each infected user’s address book, creating widespread disruptions and overwhelming email servers. |
| Mirai | 2016 | Botnet | Linux (IoT) | Mirai is a notorious botnet malware that hijacks Internet of Things (IoT) devices to launch large-scale distributed denial-of-service (DDoS) attacks. Learn how Mirai works, its global impact, and how it changed the landscape of IoT security. |
| MoonBounce | 2022 | Rootkit | Windows | MoonBounce is a stealthy UEFI rootkit that resides in motherboard firmware, allowing it to persist across OS reinstalls and evade traditional detection. Discovered in 2022, it marks a significant evolution in low-level malware tied to espionage campaigns. |
| Morris | 1988 | Worm | Unix | The first widely recognized worm, the Morris Worm spread through the internet by exploiting Unix vulnerabilities, slowing down computers and even bringing parts of the early internet to a halt. Its creation led to the formation of the Computer Emergency Response Team (CERT). |
| Mozi | 2019 | Botnet | Linux (IoT) | A Linux-based botnet malware that targets routers and IoT devices to launch DDoS attacks and spread further infections. It uses weak credentials and known exploits to build a massive peer-to-peer botnet. |
| mSpy | 2010 | Spyware | Android, iOS | mSpy is commercial spyware designed to monitor calls, texts, GPS, and app usage on Android and iOS devices. Though marketed for parental control, it’s frequently used as stalkerware in domestic abuse and unauthorized surveillance cases. |
| Mydoom | 2004 | Worm | Windows | Mydoom is one of the fastest-spreading email worms in history, first detected in 2004, designed to create backdoors in infected computers and launch Distributed Denial-of-Service (DDoS) attacks against targeted websites. Learn how Mydoom worked, its global impact on internet services, and its legacy as one of the most damaging malware outbreaks to date. |
| Necurs | 2012 | Botnet | Windows | Necurs was one of the largest and most resilient botnets, responsible for distributing spam, malware, and ransomware—including Locky and Dridex—on a global scale. Learn how Necurs worked, its role in cybercrime campaigns, and how international cooperation led to its takedown. |
| Nimda | 2001 | Worm | Windows | One of the most complex viruses at the time, Nimda spread through email, network shares, and compromised websites. It disrupted internet traffic and infected computers at an unprecedented rate, just a week after the Code Red outbreak. |
| NotPetya | 2017 | Ransomware | Windows | NotPetya is a destructive ransomware variant that masqueraded as traditional ransomware but functioned as a wiper, causing massive data loss and financial damage. Learn how NotPetya operated, its global impact, and how it reshaped cybersecurity strategies worldwide. |
| Olympic Vision | 2016 | Keylogger | Windows | Olympic Vision is a type of keylogging malware designed to secretly record keystrokes, capturing sensitive data such as usernames, passwords, and financial information. Learn how Olympic Vision works, its impact on personal and organizational cybersecurity, and how to detect and prevent keylogger infections. |
| OSX/Dok | 2017 | Trojan | macOS | OSX/Dok is a macOS malware that intercepts all network traffic by installing a malicious proxy and SSL certificate. Disguised as a document-related app, it targets users via phishing to gain root access and monitor secure communications. |
| OSX.FakeFileOpener | 2015 | Trojan | macOS | A macOS adware that hijacks default file associations and opens files using shady, ad-driven applications. It bombards users with pop-ups, redirects, and misleading system behavior. |
| Pegasus | 2016 | Spyware | Android, iOS | Pegasus is an advanced spyware developed by NSO Group, capable of infiltrating smartphones to extract sensitive data and conduct surveillance. Learn how Pegasus works, its global impact, and why it’s considered one of the most sophisticated cyber-espionage tools ever discovered. |
| Petya | 2016 | Ransomware | Windows | Petya is an early ransomware strain that encrypts a system’s Master File Table (MFT), locking the entire system and demanding a ransom for decryption. Learn how Petya operates, its unique methods of infection, and how it paved the way for more destructive variants like NotPetya. |
| Pirrit | 2016 | Adware | macOS | An aggressive adware family targeting macOS users, known for injecting intrusive ads, redirecting web traffic, and often gaining deep system access through fake installers. Learn how Pirrit evades removal, hijacks browsers, and what steps users can take to eliminate it and prevent future infections. |
| Play | 2022 | Ransomware | Windows | A modern ransomware strain that combines advanced encryption techniques with extortion, threatening victims with data leaks. It gained prominence for large-scale attacks, including one on the City of Dallas in 2023. |
| PlugX | 2008 | Trojan | Windows | PlugX is a modular remote access Trojan (RAT) used by advanced threat actors to steal data, execute commands, and maintain persistence in targeted networks. It has been active since 2008 and is widely associated with cyber espionage operations linked to Chinese APT groups. |
| Police Locker | 2011 | Locker Ransomware | Android | Police Locker Ransomware locks victims' devices with fake law enforcement messages, falsely accusing them of illegal activity and demanding a "fine" for system access restoration. Learn how Police Locker Ransomware works, its scare tactics, and how to protect your devices from this type of ransomware. |
| Polyboot.B | 1990s | Boot Sector Virus | MS-DOS | A polymorphic boot-sector virus, Polyboot.B could change its code each time it replicated, making it harder to detect. It infected the boot sector of hard drives and floppy disks, spreading whenever infected disks were used, and showed early signs of polymorphic virus tactics. |
| Predator | 2021 | Spyware | Android, iOS | Predator is commercial spyware designed to infect Android and iOS devices, giving attackers covert access to messages, microphone, camera, and files. Sold by Cytrox to government clients, Predator has been used in politically motivated surveillance operations. |
| ProLock | 2020 | Ransomware | Windows | ProLock is a sophisticated ransomware strain known for encrypting data on enterprise networks and using double extortion tactics by threatening to leak stolen information. Learn how ProLock operates, its impact on large organizations, and the importance of robust cybersecurity defenses against this ransomware threat. |
| PwndLocker | 2019 | Ransomware | Windows | PwndLocker is a ransomware strain targeting large organizations and municipal networks by encrypting files and demanding substantial ransom payments. Learn how PwndLocker operates, its tactics, and the best practices to prevent and recover from its attacks. |
| QakBot (QBot) | 2008 | Macro Virus | Windows | A sophisticated banking Trojan that began as a macro-based malware in 2008, designed to steal banking credentials and facilitate the delivery of additional malware, including ransomware. Learn how QakBot evolved from a macro virus to a major player in cybercrime operations, targeting financial institutions and businesses worldwide. |
| Raccoon Stealer | 2019 | Stealer | Windows | Raccoon Stealer is a Windows infostealer that collects credentials, cookies, autofill data, and cryptocurrency wallets from infected systems. Sold as malware-as-a-service, it spreads via phishing, exploit kits, and malware loaders. |
| RansomHub | 2024 | Ransomware | Windows | RansomHub ransomware is a rising threat known for disrupting operations in high-value sectors like healthcare and energy. Operating as a ransomware-as-a-service (RaaS), it uses encryption and data theft to extort victims. |
| Raspberry Robin | 2021 | Worm | Windows | Raspberry Robin is a Windows worm that spreads via infected USB drives and external devices, later installing additional malware through compromised infrastructure. It’s linked to various ransomware operators and threat groups and uses unusual persistence and delivery techniques. |
| RCSAndroid | 2015 | Spyware | Android | RCSAndroid is a sophisticated Android spyware component of the Remote Control System (RCS) surveillance suite. It enables covert monitoring of calls, messages, location data, and device activity, typically in targeted operations. |
| RedLine Stealer | 2020 | Stealer | Windows | An advanced information-stealing malware first detected in 2020, designed to harvest sensitive data such as login credentials, credit card information, cryptocurrency wallets, and browser-stored data from infected systems. Learn how RedLine Stealer operates, its role in the cybercrime ecosystem, and how it facilitates identity theft and financial fraud. |
| Reveton | 2012 | Ransomware | Windows | Reveton is a police-themed ransomware, known for locking users’ screens with fake law enforcement warnings and demanding fines for supposed illegal activities. Learn how Reveton exploited fear tactics, its role in the rise of ransomware scams, and how to defend against similar threats. |
| REvil (Sodinokibi) | 2019 | Ransomware | Windows | REvil is a highly sophisticated ransomware-as-a-service (RaaS) operation known for large-scale attacks, data theft, and massive ransom demands. Learn how REvil works, its high-profile attacks, and how organizations can defend against this dangerous threat. |
| Ryuk | 2018 | Ransomware | Windows | Ryuk is a highly targeted ransomware strain known for crippling large organizations and demanding multi-million-dollar ransom payments. Learn how Ryuk operates, its devastating impact, and how to defend against this dangerous ransomware. |
| Sasser | 2004 | Worm | Windows | Sasser was a self-spreading Windows worm from 2004 that exploited a vulnerability in LSASS to crash systems and slow networks. It spread without user interaction, hitting banks, airlines, hospitals, and governments worldwide. |
| SearchMine | 2019 | Adware | macOS | SearchMine is a browser hijacker targeting macOS users, redirecting searches through fake engines and modifying browser settings without permission. It changes homepage settings and resists removal. It spreads via deceptive installers and is often bundled with other unwanted software. |
| Sekhmet | 2020 | Ransomware | Windows | Sekhmet is a ransomware strain used in targeted attacks to encrypt files and extort victims for payment in cryptocurrency. It is linked to the same threat actors behind Egregor and Maze, and is known for data theft and double extortion tactics. |
| ShadowPad | 2017 | Backdoor | Windows | ShadowPad is a modular Windows backdoor used in targeted intrusions to provide remote control, plugin-based capabilities, and covert data theft. It is often linked to espionage-focused operations and has appeared in multiple supply-chain and high-impact campaigns. |
| Shamoon | 2012 | Ransomware | Windows | Shamoon is a highly destructive malware, often categorized as a wiper, that masquerades as ransomware but is designed to destroy data and cripple organizations, primarily targeting the energy sector. Learn how Shamoon works, its devastating impact, and its role in major cyberattacks against critical infrastructure. |
| SharkBot | 2021 | Trojan | Android | SharkBot is a sophisticated Android banking Trojan that steals credentials, intercepts SMS messages, and performs unauthorized money transfers. It targets banking and financial apps using overlay attacks and accessibility abuse to bypass security controls. |
| Shlayer | 2018 | Trojan | macOS | Shlayer is a macOS malware dropper that disguises itself as a Flash Player update to install adware and unwanted programs. It is one of the most widespread threats targeting Mac users, often bypassing built-in defenses. |
| Silver Sparrow | 2021 | Adware | macOS | A mysterious macOS malware discovered on both Intel and M1 Macs that silently waits for commands from a remote server. Though its payload remains unclear, its presence and infrastructure suggest a serious threat. |
| Simplocker | 2014 | Ransomware | Android | Simplocker is the first widespread Android ransomware that encrypts files on mobile devices and demands a ransom for decryption. Learn how Simplocker pioneered mobile ransomware attacks and how to protect your Android device from similar threats today. |
| Smoke Loader | 2011 | Loader | Windows | Smoke Loader, also known as SmokeLoader, is a Windows malware loader that delivers additional payloads like stealers, ransomware, or botnets. Active since 2011, it is known for its modularity, evasion tactics, and role in multi-stage cyberattacks. |
| Sobig.F | 2003 | Worm | Windows | Sobig.F is a fast-spreading email and network worm that infected millions of Windows systems in 2003, primarily via malicious attachments. It disabled security tools, harvested email addresses, and used a built-in mail engine to propagate aggressively. |
| Sony BMG Rootkit | 2005 | Rootkit | Windows | The Sony BMG Rootkit was a controversial digital rights management (DRM) software that secretly installed itself on users' computers, exposing them to serious security vulnerabilities. Learn how the rootkit worked, its impact on cybersecurity, and the fallout from one of the most infamous DRM scandals in history. |
| SpyNote | 2016 | Trojan | Android | SpyNote is an Android remote access Trojan (RAT) that allows attackers to spy on users, steal data, and remotely control infected devices. It spreads through fake apps, phishing links, and modified APKs. |
| SQL Slammer | 2003 | Worm | Windows | Known for its speed, SQL Slammer spread to over 75,000 systems within 10 minutes, exploiting a buffer overflow vulnerability in Microsoft’s SQL Server. It brought down bank networks, ATM systems, and even affected South Korea's internet. |
| STOP/Djvu | 2018 | Ransomware | Windows | STOP/Djvu is a prolific ransomware family that encrypts files on Windows systems and demands payment for decryption. Distributed through cracked software, fake installers, and malicious ads, it's one of the most widespread ransomware threats affecting home users. |
| Storm Worm | 2007 | Worm | Windows | Spread through misleading emails related to European storms, Storm Worm turned infected PCs into part of a botnet, which could send spam and execute DDoS attacks, compromising millions of computers. |
| Stuxnet | 2010 | Worm | Windows | A sophisticated worm, Stuxnet was designed to target Iran’s nuclear facilities by infecting industrial systems. Believed to be a joint U.S.-Israeli operation, it was the first cyberweapon to have major geopolitical consequences. |
| SUNBURST | 2020 | Backdoor | Windows | SUNBURST is a stealthy Windows backdoor delivered through a compromised software update, giving attackers remote access and a launch point for further intrusion. It is best known for its role in the SolarWinds Orion supply-chain attack, where it enabled selective targeting and long-term espionage. |
| SunCrypt | 2020 | Ransomware | Windows | SunCrypt is a ransomware strain that emerged in 2020, employing double extortion tactics by encrypting data and threatening to publish stolen information if the ransom isn't paid. Learn how SunCrypt works, its impact on organizations, and strategies to protect against it. |
| Svpeng | 2013 | Ransomware | Android | A mobile ransomware and banking Trojan known for locking Android devices and displaying fake law enforcement warnings demanding ransom payments. Learn how Svpeng evolved from a banking Trojan into ransomware, targeting mobile users with social engineering and financial theft tactics. |
| TeslaCrypt | 2015 | Ransomware | Windows | TeslaCrypt is a ransomware strain first discovered in 2015, originally targeting gamers by encrypting game-related files before evolving to encrypt a wide range of data and demanding payment in cryptocurrency for decryption. Learn how TeslaCrypt operated, its impact on victims, and the surprising release of its master decryption key by its creators in 2016. |
| TrickBot | 2016 | Trojan | Windows | TrickBot is a modular banking Trojan that evolved into a sophisticated malware platform used for credential theft, banking fraud, and delivering ransomware. Learn how TrickBot works, its impact on global cybercrime, and how to protect against it. |
| Ursnif | 2007 | Trojan | Windows | Ursnif, also known as Gozi, is a sophisticated banking Trojan designed to steal financial data, credentials, and sensitive information from infected systems. Learn how Ursnif evolved into one of the most widespread financial malware threats and how to protect against its credential-stealing capabilities. |
| WannaCry | 2017 | Ransomware | Windows | A highly destructive ransomware attack, WannaCry exploited a vulnerability in Windows systems, encrypting files and demanding Bitcoin payments for decryption. It infected over 230,000 computers worldwide, particularly affecting healthcare systems and critical infrastructure. |
| WhisperGate | 2022 | Wiper | Windows | WhisperGate is a destructive malware disguised as ransomware, targeting Ukrainian organizations with data-wiping capabilities rather than actual encryption. Learn how WhisperGate operates, its role in cyber warfare, and how it differs from traditional ransomware attacks. |
| WinLocker | 2007 | Ransomware | Windows | An early form of ransomware that locks victims out of their Windows operating system by displaying a full-screen message, preventing access to the desktop until a ransom is paid. Learn how WinLocker operated, its role in the evolution of ransomware, and why it marked a shift from scareware to more aggressive extortion tactics. |
| Witty | 2004 | Worm | Windows | Witty is a destructive Windows worm that rapidly spread in 2004 by exploiting a vulnerability in a widely used security product. It overwrote data on infected systems and caused immediate disk corruption, despite having no financial motive. |
| XCSSET | 2020 | Trojan | macOS | A macOS malware that targets developers by injecting malicious code into Xcode projects. It steals data, hijacks browsers, and abuses Apple developer tools to persist and spread. |
| XLoader | 2020 | Stealer | macOS, Windows | XLoader is a cross-platform malware that steals credentials, captures keystrokes, and exfiltrates data, primarily targeting Windows and macOS. It evolved from FormBook and is sold as malware-as-a-service on underground forums. |
| Ywinz | 2000 | Trojan | Windows | Ywinz is a multipartite virus capable of infecting both the boot sector of a computer's hard drive and executable files, making it highly versatile and persistent. Learn how Ywinz operated, its dual infection strategy, and its role in the evolution of complex malware threats. |
| ZeroAccess | 2009 | Rootkit | Windows | ZeroAccess is a stealthy Windows rootkit and Trojan that created a massive botnet used for click fraud and cryptocurrency mining. It hides deep in the system, disables security tools, and uses advanced techniques to maintain persistence and evade detection. |
| Zeus | 2007 | Trojan | Windows | Zeus is a stealthy banking Trojan designed to steal login credentials and financial data through browser injection and keylogging. It powered a wave of cybercrime and spawned many dangerous variants still active today. |
| Zlob | 2005 | Trojan | Windows | A deceptive malware, often disguised as a video codec or software update, that installs spyware and rogue security software on infected systems. Learn how Zlob tricked users into downloading it, its role in the rise of fake antivirus scams, and its impact on early cybersecurity awareness. |
Cybersecurity Recommendations
Here's a comprehensive list of recommendations to protect computers and other devices from a variety of cyber threats, including viruses, worms, Trojans, botnets, spyware, and phishing attacks:
1. Install Reliable Antivirus Software
- Choose reputable antivirus software with real-time protection.
- Enable automatic updates to keep the virus definitions current.
- Perform full scans regularly to catch any undetected malware.
2. Use Firewalls
- Enable the firewall on your router and individual devices.
- Consider using both a hardware firewall (e.g., in routers) and a software firewall (on devices) for added security.
3. Keep Operating Systems and Software Updated
- Regularly update your operating system, apps, and software to patch vulnerabilities.
- Enable automatic updates wherever possible to avoid missing critical security patches.
4. Avoid Suspicious Links and Attachments
- Don’t click on links or open attachments in emails from unknown sources.
- Verify the sender before interacting with any links or downloads in emails, especially those with urgent or unusual requests.
5. Use Strong, Unique Passwords
- Create complex passwords for each account, mixing letters, numbers, and special characters.
- Avoid reusing passwords across accounts, especially on sensitive platforms like banking or email.
6. Enable Multi-Factor Authentication (MFA)
- Enable MFA on all accounts that offer it, especially on email, banking, and social media accounts.
- Use an authenticator app or hardware token when available for stronger security.
7. Be Wary of Phishing Scams
- Learn to identify phishing emails by checking for signs like spelling errors, suspicious URLs, or an unusual sense of urgency.
- Always verify with the organization directly if you receive requests for sensitive information.
8. Use Secure Wi-Fi Networks
- Avoid using public Wi-Fi networks for sensitive transactions. Use a VPN if necessary on public networks.
- Secure your home Wi-Fi network with WPA3 encryption, and change the default router password.
9. Limit User Privileges
- Set up separate user accounts with minimal privileges for everyday use.
- Only use an administrator account when necessary to reduce the risk of accidentally installing malicious software.
10. Back Up Data Regularly
- Back up important data to an external hard drive or cloud storage.
- Ensure backups are performed frequently and are stored in a secure location.
11. Disable Auto-Run for External Devices
- Disable the auto-run feature for USBs and external drives to prevent malicious software from automatically running.
- Scan external devices with antivirus software before opening any files.
12. Download Apps and Software Only from Trusted Sources
- Use official app stores like Google Play and Apple’s App Store, or the developer’s official website.
- Avoid pirated software and “cracked” versions, which are often loaded with malware.
13. Use a Virtual Private Network (VPN)
- Use a VPN to encrypt your internet connection, especially on public Wi-Fi.
- Ensure the VPN provider is reputable and has a strong privacy policy.
14. Educate Yourself and Stay Informed
- Stay updated on common scams and cybersecurity threats.
- Take cybersecurity training if available, especially for employees in workplaces.
15. Regularly Clear Cache and Delete Cookies
- Clear your browser’s cache and cookies periodically to remove tracking data.
- Consider using browser extensions or settings to block trackers and improve privacy.
16. Use Email Filtering and Anti-Spam Tools
- Enable spam filtering in your email client to reduce phishing emails.
- Consider using an anti-spam software add-on for an extra layer of email security.
17. Disable Unnecessary Services and Ports
- Disable any device services, protocols, or ports that are not actively used.
- Close unused ports and restrict external access to essential services only.
By following these recommendations, users can enhance the security of their devices, safeguarding personal and business information from a wide range of cyber threats.