Want CNET to notify you of price drops and the latest stories?

Counting the cost of Slammer

The guessing game begins as analysts weigh in with estimates of how much the SQL Slammer worm, which hit the Net a week ago, will hurt businesses' wallets.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
3 min read
Analyst firms have begun to weigh in with initial estimates of the damage done by the SQL Slammer worm, the virulent program that spread quickly throughout the Internet a week ago.

On Thursday, London-based market intelligence firm Mi2g said that the worm caused between $950 million and $1.2 billion in lost productivity in its first five days worldwide. That puts the worm at No. 9 on the company's list of the most costly malicious code, behind the likes of the Code Red worm, with its average of $2.6 billion in productivity loss; the LoveLetter virus, with $8.8 billion; and the Klez virus, with $9.0 billion.

"For all the hype of Slammer, it is not as dire as many people think," said D.K. Matai, CEO of Mi2g. "Just in case you think the sky fell down on Saturday, it didn't."

The estimates are the first to try and measure the effects of the latest worm to hit systems. The SQL Slammer worm spread throughout the Internet late on Jan. 24, and the sheer quantity of data produced by infected servers clogged the electronic arteries of company networks, downed banks networks and ATMs and slowed some people's access to the Internet.

Another analyst firm came up with similar estimates that measured the cost of cleanup rather than of lost productivity. Technology market researcher Computer Economics estimates that the worm cost between $750 million and $1 billion to clean up, said Mark McManus, vice president of technology and research for the Carlsbad, Calif., firm.

"The labor costs, although significant, weren't as bad as Code Red," McManus said. Analysts at Computer Economics had estimated that the LoveLetter virus cost almost a billion dollars in cleanup and more than $7.7 billion in lost productivity.

Many security experts argue, however, that while SQL Slammer is easier to clean up, the worm was worse overall than Code Red--which attacked more servers but didn't affect infrastructure, such as financial systems.

"This worm did something that we have not seen before," said Peter Allor, director of operations for the Information Technology Information Sharing and Analysis Center (IT-ISAC). "In this case, the customer was affected," he said. "People weren't getting dial tones; airplanes couldn't fly; (and) ATMs weren't giving cash."

Data on computer viruses has always been lean. Putting a dollar figure on the losses incurred by malicious code is difficult at best, said Michael Gartenberg, research director for Internet industry watcher Jupiter Research.

"It is a billion soft dollars, and that is an important part of an equation," he said, stressing that the losses weren't actually coming out of companies' wallets. "Measuring productivity and translating it into dollars is a hard thing."

In the past, analysts have tried to bill a variety of events to lost productivity. Last May, outplacement service Challenger Gray and Christmas estimated that the first day of "Star Wars: Episode II--Attack of the Clones" would cost firms $319 million in lost productivity from workers calling in sick and taking days off. In addition, Internet monitoring software maker Websense estimated in May 2000 that a Webcast by underwear retailer Victoria Secret would cost businesses $120 million in lost productivity.

Mi2g's Matai said there is a big difference between those numbers and the losses incurred by malicious code.

"I don't think we are looking at productivity loss like that at all," he said. "We are looking at how many servers went down, what was the utilization of those servers and what kind of traffic didn't get through," he said. "The administrators could do nothing until they sorted all that mess out. So it is a different measure of productivity loss."