Computer viruses may come and go irrespective of time, but they always exist. Some of them don’t get much attention, but the other ones do terrible damages to the computers and get famous among all computer users. Everyone is familiar with a computer virus nowadays, but it is hard to be completely protected by them, because in a single month thousands of new viruses are being created and over one million viruses are being circulated all over the world.

No doubt you could trace and delete almost most of the computer viruses by updating your antivirus software periodically, but in some cases you will even not be able to know that your computer is actually infected with a virus and that’s why we recommend you to keep updating your knowledge about the latest programs created in order to harm your computer data or even your existence by doing Identity theft.

In our past article we have already covered a lot about Top dangerous Viruses from all over the internet, till 2006. Here is another brand new list of dangerous viruses from the entire digital world so that you could understand that actually what is happening with your machine and how you could solve those issues the right way.

Storm Worm (2007)

Storm Worm is Also Known As:

• Small.dam or Trojan-Downloader.Win32.Small.dam
• CME-711
• W32/Nuwar@MM and Downloader-BAI
• Troj/Dorf and Mal/Dorf
• Trojan.DL.Tibs.Gen!Pac13
• Trojan.Downloader-647
• Trojan.Peacomm
• TROJ_SMALL.EDW Win32/Nuwar
• Win32/Nuwar.N@MM!CME-711
• W32/Zhelatin
• Trojan.Peed
• Trojan.Tibs

It appeared on 17 January 2007 and got in the list of most harmful viruses on the internet. It was said to originate from Russia. It was basically a fastest spreading email spamming virus which was mainly targeted for Microsoft Windows.

It disguises itself as a news email containing a film about bogus news stories asking you to download the attachment which it claims is a film or a News article or a software for anything. And also it infected thousands of computers in the US and Europe using Email with Subject line about a recent weather disaster, “230 dead as storm batters Europe“.

At the end of 30 June 2007 it had infected 1.7 million computers, and it had compromised around 10 million computers by September using Botnetting. A new version of the same Virus was again released on April 1, 2008, with April fool themed subject lines.

How Storm Worm Works

Step 1. Victim gets an email with very mind grabbing Subject line

Step 2. Victim reads the email which says that there is an attachment in the email related to the email subject

Step 3. When the attachment is opened, the malware installs the wincom32 service

Step 4. Wincom32 installation also injects a payload, that works as a backdoor to your system which can be used by the hacker to access your system and its data.

Step 5. It keeps changing its packing code every 10 minutes, so it becomes very hard to trace, In this process the bot also uses fast flux technique to change the IP addresses for its command and control servers.

Conficker (2008)

Conficker is Also Known As:

• Downup
• Downadup
• Kido
• Mal/Conficker-A
• Win32/Conficker.A
• Win32/Conficker.A
• W32.Downadup
• W32/Downadup.A
• Conficker.A
• Net-Worm.Win32.Kido.bt
• W32/Conficker.worm
• Win32.Worm.Downadup.Gen
• Win32:Confi
• WORM_DOWNAD
• Worm.Downadup

A new and more dangerous virus Conficker was detected in November 2008 and it was mainly targeting Microsoft Windows operating System. It infected over 9 to 15 million of computers, which were running on windows 2000 to windows 7 as operating system.

It is the largest known computer worm infection after the 2003 Welchia worm

This was most dangerous virus of 2008 because it affected French navy, UK ministry of defense, Sheffield Hospital network, German Bundeswehr and Norwegian Police. And even Microsoft was set a prize of US$250,000 for any clue about the author of the worm.

This worm specifically targeted users of social networking websites like Facebook, Skype, Yahoo Messenger, and email services such as Gmail, Yahoo Mail, and AOL Mail. With this infection the virus allows the attacker to gather information of banking cards, passwords and personal information using a keylogger. Conficker could also spread itself to all the connected systems on the local network

How Conficker Works

Step 1. It infects the victim’s system by a specially written Remote procedure call (RPC) code which actually includes a shell code that downloads the virus from a server OR it can also get infected by a another infected system on the local network OR by an infected removable media drive.

Step 2. Setting up a backdoor to the system so hacker could connect.

Step 3. Disable System’s basic security protocols such as, Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting

Step 4. It then installs another payloads that can be used for spamming.

Daprosy Worm (2009)

Daprosy Worm is Also Known As:

• Daprosy trojan
• Autorun-AMS
• Autorun-AMW
• Autorun-APL

Daprosy worm infects by a single read1st.Exe file where several dozen clones are created at once bearing the names of compromised folders. It can be easily recognized by the file presence of classified.exe or its other private .exe files which denies to open.

The Worst part is that Daprosy remains Active even in Safe Mode, which makes it difficult to manually remove. Its key logging mechanism is so precise that it captures almost everything typed on the keyboard. This ranks Daprosy as one of the most dangerous viruses of the last decade.

It was primarily recognized as Trojan which steals passwords of online games in the internet cafes by key logging, but later it was publicly announced as Autorun-H, means it is a malicious program which typically attempts to spread by copying itself to removable media devices.

How Daprosy Worm Works

Step 1. Infects the user’s system either by infected email attachment or by infected removable device

Step 2. Starts recording every key pressed on the keyboard

Step 3. Sends all the recorded data to the worm author using an inbuilt mailing system.

Stuxnet Worm (2010)

Stuxnet Worm is Also Known As:

• Rootkit.Tmphider
• W32.Temphid
• W32.Stuxnet

In the middle of June, 2010 Stuxnet worm came into existence, it targets a very specific software on Windows systems named Siemens Step7 software, this software is used to control programmable logic controllers (PLCs), which is widely used in factory assembly lines, amusement rides, or centrifuges for separating nuclear material.

It was believed to be a combined American-Israeli operation which was used as a malicious cyber weapon. The New York Times published it publicly on 1 June 2012 that it was a part of US and Israeli intelligence system and it was named as “Operation Olympic games”.

In starting this worm does no effect on the system and propagates to inner folders of the system, but later it affects badly due to heavily coded by malicious program which designed to target only Siemens supervisory control and data acquisition (SCADA) systems that are configured to control and monitor specific industrial processes.

How Stuxnet Worm Works

Step 1. Injected to the target environment via an infected USB flash drive, worm then propagates across the local network

Step 2. Keeps scanning for the Siemens Step7 software on local network computers that are controlling a PLC

Step 3. If conditions are not fulfilled, then Stuxnet becomes dormant inside the computer until Step7 soft is installed

Step 4. If both the conditions are fulfilled, it injects a rootkit onto the PLC and Step7 software and modifies the codes which results in giving unexpected commands to the PLCs

Duqu (2011)

Duqu is Also Known As:

• Duqu.A
• Win32:Duqu [Rtk]
• TR/Duqu.A.1
• Rootkit.Duqu.A
• Rootkit.Duqu.A6
• Html.Trojan.DuquInfostealer-1
• Win32/Duqu.A
• Rootkit.Duqu.A
• Trojan.Win32.Duqu.a
• PWS-Duqu!rootkit
• Trojan:WinNT/Duqu.A

Duqu was discovered on the 1^st of the September 2011, and it was suspected to be similar as Stuxnet worm, but rewritten for a different purpose. It was named as Duqu because it makes files with prefix –DQ.

It was concluded that this virus does not Destruct, it just gathers important information from the computers such as, keystrokes, desktop screenshots, document files. According to McAfee, one of Duqu’s main actions is to steal digital certificates. But in some cases it has been seen that it have deleted recently added information in the personal computer, and some more cases also show that it sometimes deletes the entire hard drive.

Symantec discovered Duqu malware is a variety of software components that together provide services to the attackers. Currently this includes information stealing capabilities and in the background, kernel drivers and injection tools. This was cleared after the research done by Budapest University of technology and economics, who did a 60 page report on this issue.

Some modules of this worm were written in an Unknown High level programming language.

Later in the same year Duqu 2.0 was discovered by experts in Kaspersky Lab when it was attempting to enter the internal network Kaspersky Lab. It wanted to steal information that can be used to design new malware that could be able to avoid detection.

How Duqu Works

Step 1. Injected to the target environment via an infected USB flash drive, worm then propagates across the local network

Step 2. Disables the computer’s primary defense systems.

Step 3. Starts its primary work, Recording each keystroke, taking screenshots automatically and stealing documents.

Step 4. Sends the keylogging file and other details to the hacker, how the data is being sent to the hacker is not clear yet.

Shamoon (2012)

Shamoon is Also Known As:

• Disttrack
• W32.Disttrack
• W32.Disttrack!gen1
• W32.Disttrack!gen4
• W32.Disttrack!gen6
• Trojan.DistTrack.A
• Worm.Win32.Disttract.aa (v)
• Trojan/Win32.DistTrack.N635205045
• Win32:DistTrack-A [Trj]
• W32.DistTrack.Trojan
• Win.Trojan.DistTrack-1
• Virus.Win32.DistTrac.A
• Win32/DistTrack.A
• Trojan.Win64.DistTrack.vonlx

Shamoon was discovered by Seculert on 16 august 2012 and it affects mainly NT kernel based versions of Microsoft Windows. This virus has the capability to move from one computer to another computer by connecting in the same network. This virus was found to be deleting files from the user’s system.

In a report by Symantec they said that Disttrack malware is mainly targeting the personal data folders of the user, such as:

• Download
• Document
• Picture
• Music
• Video
• Desktop

This virus attacked on Energy and Oil sectors of companies, some experts also guess that computer systems at RasGas were also knocked offline by the same attack. Later on an unknown group named “Cutting Sword of Justice” took responsibility of attacks done by this virus. They attacked more than 30000 workstations of Saudi Americo. The group said that the virus has been used for cyber espionage in the energy sector.

The working process of the DistTrack could not be clearly understood, but a theory of its working is as:

Step 1. Shamoon can spread from an infected machine to other computers on the network

Step 2. The virus creates a list of files from specific locations on the system

Step 3. Upload the files to the attacker

Step 4. Deletes the original files for the system

Step 5. Overwrites the master boot record of the computer, making it unbootable.

Also Read About the Flame malware that got released in the same year.

CryptoLocker (2013)

CryptoLocker is Also Known As:

• Win32:Ransom-AQL [Trj]
• TR/Crilock.A.11
• Trojan.Agent.BBPC
• Win.Trojan.Cryptolocker-2
• Win32/Filecoder.BQ
• Trojan.Agent.BBPC
• Trojan-Ransom.Win32.Blocker.cfwh

CryptoLocker is In Top list of Dangerous viruses because of its type. It’s a Trojan horse, but specifically a Ransomware malware, according to Microsoft, this virus was first seen on 5 September 2013.

What actually this virus does is it propagates to your hard drive and make your personal file encrypted and also asks for ransom to open that particular file. It mainly propagates via email attachments and existing botnets.

The worst part is that this virus can delete itself, but it leaves your file encrypted. And even the experts have failed to open those encrypted files. It mostly encrypts files with extensions related to Microsoft office, OpenDocument, other document files, pictures, and AutoCAD files, so basically encrypting all import files.

Then the malware displays a message which offers to decrypt the data if a payment of 400 dollars or Euros is made through either bitcoin or a pre-paid cash voucher, and if the payment is not made by a stated deadline they will delete all the encrypting keys.

After November 2013 the cryptolocker’s operators made a website that claimed that they will decrypt the code even after the deadline is passed and after every 72 hours the rate will increase by 10 bitcoins later, after a year BBC published an article that says that victims can get their files unlocked for free, which can be made possible because of the FBI, Interpol and an IT firm Fox-IT.

How CryptoLocker Works

Step 1. Spreads via email attachment & Existing infected networks of local computers

Step 2. Encrypts the files of predefined .extensions

Step 3. Ask for ransom when user tries to open the encrypted file

Regin (2014)

Regin is Also Known As:

• Prax
• Warrior Pride
• Generic21.AMQY
• Backdoor.Regin.A
• Win32/Regin.A
• Rootkit:W32/Regin.A
• Rootkit.Win32.Regin.a

The Regin was discovered in November 2014, this malware targets personal computers operating on Microsoft windows. Most of antivirus & security softwares including Kaspersky was not able to detect Regin worm till the end of 2015.

The Regin is basically a Trojan horse which is mostly propagated from spoofed web pages. And once it is downloaded on the system, it starts downloading different extensions which are difficult to detect even by the antivirus.

It is suspected to have been created by the United States and United Kingdom over a period of months or years, as a tool for espionage and mass surveillance. A German newspaper allegedly claimed that this worm was combined plan of the US and UK for espionage and mass surveillance specially in Europe.

How Regin Works

Step 1. Spreads via infected flash drive and fake web pages

Step 2. It fetches another files with different extensions, of the same virus

Step 3. Starts keeping eye on every action on the system

Step 4. Sends all the data to the attacker

SMiShing (2015)

There was no specific virus came into existence in the year 2015, but a new way of hacking did, called SMiShing. It can be seen as phishing by SMS, in this technique attackers send fraud SMS to victims mobile and tries to take the user to a fake website.

How SMiShing Works

Step 1. Attacker Scrapes website on the internet to gather a list of Mobile Numbers

Step 2. Sends a specially crafted SMS like We’re confirming you’ve signed up for our dating service. You will be charged $2/day unless you cancel your order at example.com

Step 3. If the user opens the URL they get redirected to a phishing page asking for sensitive information

Tiny Banker Trojan (2016)

Tiny Banker Trojan is Also Known As:

• Tinba
• SHeur4.AGZZ
• TR/Spy.SpyEyes.afnr
• Trojan.Spyeye-853
• Win32/Tinba.AE
• Gen:Variant.Zusy.8118
• HEUR:Trojan.Win32.Generic
• PWS-Zbot.gen.aew

As the name implies tiny banker Trojan is specifically designed virus for banking institutions. Actually, it is a modified form on Banker Trojan which came in the past, but it is much smaller in size, affective and more harmful.

Tiny Banker Trojan uses to identify the packet sniffing by which it analyses when a user is going to operate a bank account. During the process it extracts the useful info on the bank website like logo and title and make a pop up related to bank and ask their security numbers and codes.

Tinba is programmed with 4 domains which it uses once any one of them is down, it converts host machine into the botnet and it can inject itself into system processes.

How Tiny Banker Trojan Works

Step 1. Infects the system and the browser using various methods

Step 2.

• Sniff for packets being transferred between the browser (using the MITM attack) and the server, to fetch sensitive login data OR
• After login to the website, it creates a fake popup asking for the login details using the original logo and the name of the real site

Step 3. Transfers all the fetched data to one of the 4 servers coded in it

Winding Up

So, here we wind up our list of top 10 computer viruses from 2006 to 2016. As you can see above that these types of computer virus don’t target a particular country or region they are everywhere.

But one thing I noticed that this decade got most of the attack that try to steal the victims data or personal information, so we must be careful to protect ourself from these latest computer virus threats.

Must Read: Top 10 Most Dangerous Computer Viruses of early 20’s

How To Protect Your PC from Recent Computer Viruses

Protecting your computer from these attacks is easy and tough at the same time, if you are a tech savvy and stay careful about your actions on the internet then you can even run your system without installing any antivirus program. But most computer users are not that careful, that is why we go for various types of computer antivirus or all in one Internet Security suits.

If you are not sure about the type of computer antivirus you should take, then let me suggest you one that I use for last 4 years. As I have noticed that most of the time when a new virus comes into existence two security labs detect them first, which are:

• F-secure and,
• Kaspersky Lab

I have never used F-Secure because it is not available in my region yet, but I am using Kaspersky Internet Security for years and I believe that it is the best security software till date.

So, If you are also serious about protecting your machine and tasks performed over your machine from the above mentioned viruses then we recommend you to purchase Kaspersky Internet Security OR F-secure Internet Security today.

Leave comments below to let us know about any of your experiences with the harmful virus and how you managed to overcome with the infection.