One costly worm

The worldwide labour costs associated with cleaning up the Code Red worm and its variants totalled more than US$2 billion as of August – and are rising, according to one research firm tracking the menace.

With an estimated 760,000 computers infected, Carlsbad, Calif.-based research firm Computer Economics Inc. estimates labour costs to date associated with repairing corrupted systems at US$1.29 billion, with another US$716 million consumed by lost productivity among affected users, IT support and help desk staffs.

Code Red and Code Red II, a more virulent sequel worm that began attacking systems worldwide in early August, exploit a known hole in Microsoft Corp.’s Internet Information Server (IIS) software. A patch for the vulnerability has been available since mid-June.

Code Red’s final cost is unlikely to eclipse the US$8.7 billion price tag Computer Economics hung on damage attributable to the Love Bug, a virus that swept through the IT landscape last year, Erbschloe said.

Computer Economics came up with its estimates by studying various news reports and expert analyses to determine a “consensus” figure for the number of computers and servers affected worldwide, Erbschloe said. The firm then lined that number up against its previously collected benchmarking data to determine an average per-server clean-up cost (ranging from US$300 to more than $1,000, according to Erbschloe). Those figures, combined, led the company to its US$2.05 billion “total economic impact worldwide” statistic.