Slashdot Mirror

← Back to Stories (view on slashdot.org)

Virus Cost Estimate For 2001 Tops $10 Billion

Posted by timothy on from the say-ahhhhhh dept.

Snootch writes: "CNN has a story on the costs of virii - they're absolutely collossal, and remember that the $10 billion figure is just *so far this year*...scary. The article gives a pretty good breakdown by virus, and while it says little else that the average /. reader won't know by now, it's an interesting read all the same. To quote Red Dwarf's Kryten, 'Smug Mode,' but I note that every single one mentioned in the article, bar one (Code Red), was a client-side Outlook virus ..."

"My other thought was this: Considering that according to the article, nearly half the money was spent cleaning infected systems out, then the virus-checker industry, and therefore the implications of Symantec's recent patent, are even bigger than I realised ... *gulp*" Of course, estimates like these are often made by people with vested interests in the effect such numbers have, and there are a lot of costs that are very tough to estimate accurately -- like sysadmin time.

5 of 239 comments (clear)

  1. Re:Mission critical by vrmlknight · · Score: 3, Informative

    I work in the Network Operations Center at one type of mission critical facility and most of our servers are Linux and Unix variants while these were fine we were still hit w/ code red (all the win2k desktops) bogged down everything our DNS servers were getting around 10,000 hits/hr (a lot for our internal servers) and all the extra traffic (probing for other IIS boxes) brought stuff down cause nothing could communicate over the network for about 12 min we pulled the plug on router that connects everything to the servers so that the servers could still communicate that started patching machines we lost about 12 min of productivity and another day of patching desktops. Luckily it happened around 8:00PM right as I was getting ready to leave so I was right they to pull the plug to separate the networks and than we called people in and started patching the win2k boxes

    --
    This must be Thursday, I never could get the hang of Thursdays.
  2. Sircam was not an outlook specific virus by plone · · Score: 5, Informative

    Geez, you would think that on /. people would know that Sircam was not Outlook specific. I had a friend (who is rather computer illiterate) who doesn't even use outlook and stilll managed to spread the virus. Sircam doesnt just use the outlook address book for viruses, it looks through your temporary internet files for anything it seems like an email address (this is the reason why Tacoboy would whine like a sissyboy about the gigs of email he was gettign from sircam). Sircam require outlook to propogate, it had its own internal SMTp engine. Sircam was not outlook specific, merely windows specific. And i am sure that it would be really easy to make a port to linux (but i could be mistaken since i know jackshit about programming or unix). The true innovation of the sircam virus was its social engineering aspect. People are always curious to open documents, even if they know that it wasnt meant to be sent to them.

  3. SirCam? by hearingaid · · Score: 5, Informative
    every single one mentioned in the article, bar one (Code Red), was a client-side Outlook virus

    Hello? SirCam? It's an executable. It's mentioned in the article. It's a Windows executable, but it will happily infect people running Eudora on Windows, supposing of course that they are dumb.

    It is another victory for the guys at Redmond, of course.

    --

    my old sig used to be funny, but then slashcode ate it and now it's not funny anymore

  4. Either Viri or Viruses by uriyan · · Score: 2, Informative

    The correct plural for virus is either viri or viruses. Viruses is the English way to form the plural, and viri is the Latin way of doing it. Personally, I prefer the Latin way since it sounds more elegant.

  5. Re:The cost to my company by flabbergasted · · Score: 2, Informative
    Time for an economics lesson.

    I work for a small R&D firm. My time is worth more to the company than my salary. Why? When I'm working on a contract, there's this little concept called overhead. For every dollar that I'm paid out of the contract, about two dollars from the contract are placed in the company overhead account. This provides the operating budget for the business. It pays the lights, rent, phones, secretaries, etc., but it doesn't pay my normal salary.

    When I have to change hats to clean up after a virus, I'm being paid out of the overhead account. It's not billable time. When I'm not working on contract, it costs the company more money than just my salary. For every dollar that I earned cleaning up after SirCam, there was one dollar deleted from the overhead budget and two dollars that were not "earned" by overhead. In other words, for every dollar that I was paid to clean up after SirCam, the company lost three dollars from the operating/overhead budget--one dollar for my salary and two dollars in lost revenues. The contract dollars are still there, but my time is gone forever.

    So just because I was already being paid, doesn't mean that it didn't cost the company money. It cost them a great deal. In the end, we figured that SirCam cost us about $2500, which is probably on the high end of the distribution. (We have a lot of unattended, networked computers scattered throughout the labs. Despite my repeated complaints, some of the researchers and graduate students still did not have anti-virus software on these computers. "But I never read email on that computer!" Half a dozen of them turned out to be infected with SirCam.)

    If you accept the figure of $2500 dollars for our company, then it only requires 4000 similar infections to total $10 million in lost revenue. There were probably far more than 4000 infections. Is the number $10 Billion inflated? Probably, but it still cost a tremendous amount of money to fight SirCam.