A computer worm is a type of malware that self-replicates and spreads through networks and devices. Unlike viruses, which need a host file to attach themselves to, worms are standalone programs that can expand independently.
They’re also considered more infectious and versatile than a typical virus.
Hackers use them in a variety of cyber-attacks to slow down networks, damage systems, and steal sensitive information.
The following computer worm statistics show the scale of the threat and its trends over time.
The most shocking computer worm statistics
These stats show just how vulnerable we are to malware once it finds a widespread exploit:
- Mydoom spread to over 50 million computers during its peak.
- 1988’s Morris and 2000’s ILOVEYOU both infected 10% of the internet at the time.
- Worms account for 6.23% of all malware detections.
- The worst worms have caused damage costing tens of billions of dollars.
- 2010’s Stuxnet was a pioneering cyberweapon used against Iran.
Historical computer worm statistics and facts
The following facts chart the history of this malware type and the fascinating ways it’s been used.
1. Computer worms were first conceived in the 1970s.
The notion of a self-replicating and spreading program was first introduced back in the 1970s. John Brunner coined the term in the science fiction novel “The Shockwave Rider.”
2. The 1988 Morris is the earliest known large-scale computer worm.
Sources: [Kaspersky, FBI]
In terms of mainstream notoriety, the 1988 Morris worm is the earliest of its kind. Robert Morris, a Cornell University graduate, created it and launched it from the rival university MIT.
Although small by today’s standard, the malware infected less than 10,000 computers. At the time, this represented 10% of the entire internet.
Additionally, Morris claimed his worm wasn’t intended to cause serious damage. The highest cost estimate for damage was $10 million.
3. 2001’s Code Red was the first worm to target enterprise networks with mixed threats.
Source: [Trend Micro]
Code Red exploited a vulnerability in software distributed with Microsoft’s IIS web server. It was able to modify websites to display the message: HELLO! Welcome to http://www.worm.com! Hacked By Chinese!
Furthermore, it was the first worm to successfully target enterprise networks with mixed threats (multiple attack techniques). One part of its payload was to launch a DDoS attack on the White House computer network.
4. A worm called Welchia committed suicide after 30,000 infections.
Source: [Virus Research and Defense]
Did you know that this form of malware can also stop replicating after a set lifecycle? For example, Welchia ‘committed suicide’ at around 30,000 infections in early 2004.
Welchia was a rare helpful worm that removed the damaging Blaster malware. It also installed security patches from Microsoft.
5. The 2010 Stuxnet worm was a pioneering cyberweapon used against Iran.
Source: [Verve Industrial]
A cyberweapon is a distinct classification of malware employed in warfare or espionage. It has specific goals outside of making money or causing the most damage.
The Stuxnet was the first major cyberweapon. The United States and Israel designed it to target the Siemens systems used by Iran’s nuclear facilities. It infected over 200,000 computers, mostly in the target country.
Statistics for the biggest computer worms
Many worms only reach a few systems before detection, while others cause mass damage. These stats reveal the scale that sophisticated malware can reach:
6. Mydoom infected over 50 million computers during its peak.
2004’s Mydoom is the most widespread worm in history. It affected more than 50 million computers through emails during its peak wave.
Attackers sent it via attachments and replicated it through the victims’ address books, as well as the file-sharing platform Kazaa.
Mydoom was also able to pool infected computers together to launch distributed DDoS attacks.
7. Mydoom was the costliest worm, causing over $30 billion of damage.
Sources: [ZDNet, Irish Times]
Although estimates vary, it’s generally accepted that Mydoom also caused the most financial damage in the history of computer worms. Numbers range from $38 billion to $75.61 billion.
Furthermore, it’s followed by:
- Sobig ($30-$37.1 billion)
- ILOVEYOU ($10-$15 billion)
- Conficker ($9.1 billion).
8. ILOVEYOU infected 10% of the internet in the year 2000.
Like its forefather Morris, ILOVEYOU affected approximately 10% of internet-connected computers. The Pentagon, CIA, and the British Parliament chose to temporarily shut down their email systems to avert infection.
9. No worm since 2008’s Conficker has managed to surpass its peak.
Sources: [ABC News, ZDNet]
The days of mass infections are dwindling. 2008’s Conficker was the last one to reach such high numbers. It’s estimated to have affected 9 to 15 million computers, with an economic loss of $9.1 billion.
10. Microsoft offers a $250,000 bounty to capture worm creators.
Source: [The Guardian]
Successfully tracking down malware creators is relatively rare. Still, Microsoft has incentivized the process by offering a $250,000 reward.
The company attached this sum to Mydoom, Sobig, Conficker, and others. But despite the prosecution of Mikael Sallnert in relation to the Conficker, Microsoft has never actually paid out.
Modern computer worm statistics and trends
Malware is a persistent threat and evolves with every new operating system update. Here’s what the current landscape looks like.
11. Today, computer worms account for less than 7% of all malware detections.
Although worms can cause significant damage, they’re not the most common malware threat. They account for 6.23% of detections, behind scripts (9.39%), standard viruses (13.02%), and trojans (58.29%).
However, they’re more prevalent than backdoors, ransomware, crypto miners, and password-trojans.
12. Worms make up 2% of all malware detections on Windows computers.
This malware type is becoming less common on Windows computers, accounting for 2% of detections overall. This increases to 3% in Europe and the Middle East. Meanwhile, Asia-Pacific, Latin America, and North America are 1% or less.
13. The Ryuk ransomware was mixed with a worm in 2021 to improve attacks.
Worms are regularly employed with other attack methods in recent years. The 2018 Ryuk ransomware attacks were already successful in targeting large businesses and government entities. However, in 2021 hackers reinvigorated it by adopting worm-like self-propagation within local networks.
14. The 2021 Raspberry Robin is the most recent large-scale computer worm.
Sources: [Microsoft, Trend Micro]
Raspberry Robin first appeared in September 2021. It was spreading slowly via USB drives with no noticeable damage. However, by the following year, it produced a surge of infections across thousands of networks.
Moreover, Microsoft reported it as a malware dropper and precursor to larger-scale ransomware attacks. There were 34.8% of detections in Argentina, from October to November 2022. Australia was the second most targeted country at 23.2%.
These computer worm statistics serve as a stark reminder of the importance of maintaining robust cybersecurity measures.
What’s more, the sheer number of affected devices over the years, along with the potential damage, confirms this. It underscores the need for individuals and organizations alike to remain vigilant and proactive in protecting their systems.
On average, the number of people affected overall in a year is likely in the low millions. During peak infection rates, Mydoom reached over 50 million computers.
Worms are one of the most common forms of malware. According to AV-Test, they accounted for approximately 6.23% of all malware detected in 2019.
Worms can spread very fast, to the point they can seem instantaneous. Some might infect thousands or even millions of devices in a matter of hours. For example, ILOVEYOU, which was released in the year 2000, targeted millions of computers within a single day.
The biggest worm in terms of the number of infected devices is 2004’s Mydoom. It reached over 50 million computers. Additionally, other malware that surpassed the 10 million mark includes ILOVEYOU(2000), Sobig (2003), Storm (2007), and the Conficker (2008).
Due to its speed and number of infections at its peak, Mydoom is arguably the most successful worm. As the above computer worm statistics show, it was also the most destructive one. Mydoom caused over $30 billion of damage.
- Trend Micro
- Virus Research and Defense
- Verve Industrial
- Irish Times
- ABC News
- The Guardian
- Trend Micro