Main Page

Included page "clone:virus" does not exist (create it now)

Welcome to the Virus Encyclopedia
The Wikidot wiki that anyone can edit
Currently editing 374 entries and counting

Featured Entry


Navidad is a mass-mailer worm that displays messages in Spanish. The worm is capable of making the computer unusable and whether or not this is intentional is uncertain, as the code has numerous bugs. "Navidad" means "Christmas" in Spanish. It ended up causing very little actual damage as it alerted users of its presence from the time it infected the system and only became destructive if it was not removed quickly.

Visually, the worm puts on a bit of a show, first loading an error message, then placing an icon in the system tray informing the user "we are watching". It then presents a button it orders the user to never press. If the user does, the worm informs the user that they have just destroyed their computer.

Recent Additions

  • Atas-II, a small family of viruses related to Atas, but memory resident and with an interesting payload.
  • Atas, a small family of DOS viruses.
  • Ghost, a prolific Atari ST virus.
  • Damnei, DiA's .NET virus
  • Cephei, a 64-bit Linux virus.
  • Diesel, a Linux virus by Paddingx that appears in 29A's 4th issue.
  • Init666, a MacOS virus.
  • Nutcracker, a 1994 DOS virus with some interesting stealth and encryption methods.
  • Bagz, a mass mailer worm from 2004.
  • Vbvx, a virus generator and family of viruses created from it.
  • The Little and Giant Black Books of Computer Viruses, Mark Ludwig's guides on then-common types of viruses with source code and instructions on how to write them.


Reports of our death have been greatly exaggerated. True, it has been a very long time since we last produced an entry for the wiki. Our professional and personal lives over the past few months have made it extremely difficult to devote to this labor of love, but most of us are still very much on it. New entries will continue to be few and far between for the foreseeable future. However, we will still be very much here, unless Wikidot folds and pulls the plug on the server, which is pretty unlikely to happen.

The Virus Encyclopedia will begin hosting some files on our own designated media page. We have hard drives, optical media and even floppy diskettes we have collected over the years filled with information that does not seem to be available anywhere else and occasionally we find something useful for one of our entries. The media is so far pretty disorganized, though we will be making an effort to put it all in one place and freely share it (where copyrights are not an issue) with everyone interested. In the meantime, when we find something from these files that is relevant to more than one page, we will upload it as an attachment to the Media page (there are only 2 entries as of this writing) and create a link to it.


  • The NSA may have had a hand in the Stuxnet worm, according to recently leaked documents. Long thought to be the work of the CIA and Israeli Mossad, a recent leak by the "Shadow Brokers" hacking organization included a tool by the NSA that was nearly identical to one used in Stuxnet. It was last compiled on 2010.09.09, a few months after the discovery of Stuxnet. Researcher Liam O'Murchu says there is definitelty a strong connection but no proof that the tool confirms a link to Stuxnet and the CIA. A python script contained in the leak displays an ASCII medal with the text “Won the gold medal!!!” above it, a possible reference to the "Olympic Games" codename of the project creating Stuxnet.
  • After 14 years of inactivity, the Slammer worm has made a mysterious comeback. The worm made brief spikes in late November and early December of the last year. The attacks primarily came from China, Vietnam, Mexico and Ukraine, though the US, Russia, Thailand, Venezuela and Argentina. No one seems to know how or why the 14-year old worm that is very specific to a vulnerability that should be patched and a port that should be closed was able to make a comeback, but there is a lot of room for speculation.

Featured Image

Monopoly is a Visual Basic worm coded by Zulu, creator of Bubbleboy and Stages. Its most prominent feature is the image of a Monopoly-style board with the face of Bill Gates placed over that of the Monopoly man. No reported incidents of the worm in the wild seem to exist and the worm was not malicious, so it likely never did any damage.

When opened, the worm first displays a message saying "Bill Gates is guilty of monopoly. Here is the proof.". When the user clicks on "OK", the worm then displays a window showing the image of about half of a modified Monopoly board, with Bill Gates popping out of the second "O".


Featured Video

Opaserv is a network worm with many different variants. One thing common to all Opaserv variants is that they carry a trojan that either updates the worm by downloading a new copy from a particular site, or it destroys the operating system. It caused a major worldwide epidemic in the fall of 2002, sometimes beating out other prominent worms of the time including Klez and Tanatos.

Some of its variants had a particularly interesting payload intended to scare or confuse the user. One variant, before destroying the system, displays a message at boot up tricking the user into thinking their copy of Windows is illegal and they are in violation of the DMCA (Digital Millenium Copyright Act). Someone thought it would be a good idea to use this as their desktop wallpaper.

If you are a new Wikidot user, you might find the wiki syntax quick reference page useful!

And as usual, if you need help with anything, ask the Wikidot community!

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License