The Worst Malware Ever (and What It Teaches Us About Malware of the Future)

Every day, software development companies discover a new malware variant (actually, 360 thousand variants) worming its way across the web and onto users’ devices. For the most part, these new malicious programs contain recognizable elements and exhibit predictable patterns, making them worthy of adding to antivirus signature lists but not quite worth reporting on to the general public.

However, every once in a while, a notable malware attack occurs. These attacks mark a significant shift from the most popular attacks of the day, and in doing so, they tend to attack more, larger and weightier targets than their peers. As a result, these samples of malware often influence how malware is developed and launched going forward. In turn, this affects how security firms develop malware removal strategies for years to come.

If you want to know what the malware of the future looks like, you need to dive into the past — so without further ado, here are the most influential malware attacks ever, and what they mean for device security in the coming years.


Melissa

Melissa wasn’t the first malware in the wild, but it was one of the first developed for truly malicious purposes and one of the first to do real damage with its spread. In 1999, Melissa pretended to be a Word file containing passwords to — ahem — adult websites, but when opened, the file sent the virus to the first 50 people in the user’s email address book. Because so many users were duped so quickly, an overwhelming surge in email traffic within government agencies and corporations slowed and crashed networks, resulting in $1.1 billion in damages.

The lesson here is one that everyday computer users still fail to grasp: No matter how alluring the contents of an unfamiliar email attachment might be, they aren’t worth crashing your computer, your business’s networks and half of the government.

SQL Slammer

Within 15 minutes of being released into the wild, SQL Slammer essentially crashed the internet. Though some systems were able to recover in a comparable timeframe, others remained out of service for much longer; for instance, Bank of America’s ATMs and Continental Airlines communications systems were both rendered useless. In 2003, experts estimated that the worm caused between $950 and $1.2 billion in damage, globally.

The lesson from SQL Slammer is one of updates: In the year prior to the attack, Microsoft released a patch that would have prevented much of SQL Slammer’s success, but too many network administrators failed to download and apply it. Updates are important and should be installed automatically.


Zeus

Zeus was among the first Trojan horse malware types discovered floating around the web in 2007, but two years after that it became one of the most notorious. In that short amount of time, the virus compromised more than 74,000 FTP accounts from major corporations and banks, including Amazon, Bank of America and Cisco. Then, Zeus created a botnet that is still used to steal login details for social networks, banks, email accounts and more. At its height, Zeus claimed more than 1 million computers, and estimates suggest its authors have gained more than $70 million in profits.

Though the original Zeus Trojan is so well-worn that even the simplest antivirus program can protect against it, other Zeus variants pop up every day. Just because hackers have found success with one malware doesn’t mean they will stop; Zeus lives on in other forms, and it takes constant vigilance to protect against it.

Operation Aurora

Unlike the major malware that came before, Operation Aurora was a targeted malware attack in 2009 on tech giants including Google, Adobe and Yahoo. Coming from China, the malware’s goal was to steal corporate intellectual property at a time when these companies were producing unrivaled content. This resulted in the first international discussions about cybercrime as well as internet censorship in China.

Whether or not you have a tech business, it’s important to remember that everyday private users are no longer the primary targets of cybercrime. Small, medium and large businesses contain much more data — and have way more vulnerabilities — than the average person. Thus, if you do have a business, you need to be extra sure you keep it safe from cyber attack.

Though these examples of successful malware attacks aren’t exactly recent, they continue to have ripple effects on how we approach malware detection and prevention today. You should always strive to learn from the past to protect your future — especially when it comes to something as fast-paced as malware.