Counting the cost of Slammer
Published: 03 Feb 2003 08:54 GMT
Analyst firms have begun to weigh in with initial estimates of the damage done by the SQL Slammer worm, the virulent program that spread quickly throughout the Internet a week ago.
On Thursday, London-based market intelligence firm Mi2g said that the worm caused between $950m and $1.2bn, or £580m and £732m, in lost productivity in its first five days worldwide. That puts the worm at No. 9 on the company's list of the most costly malicious code, behind the likes of the Code Red worm, with its average of $2.6bn in productivity loss; the LoveLetter virus, with $8.8bn; and the Klez virus, with $9.0bn.
"For all the hype of Slammer, it is not as dire as many people think," said D.K. Matai, CEO of Mi2g. "Just in case you think the sky fell down on Saturday, it didn't."
The estimates are the first to try and measure the effects of the latest worm to hit systems. The SQL Slammer worm spread throughout the Internet late on 24 January, and the sheer quantity of data produced by infected servers clogged the electronic arteries of company networks, downed banks networks and ATMs and slowed some people's access to the Internet.
Another analyst firm came up with similar estimates that measured the cost of cleanup rather than of lost productivity. Technology market researcher Computer Economics estimates that the worm cost between $750m and $1bn to clean up, said Mark McManus, vice president of technology and research for the Carlsbad, California firm.
"The labor costs, although significant, weren't as bad as Code Red," McManus said. Analysts at Computer Economics had estimated that the LoveLetter virus cost almost a billion dollars in cleanup and more than $7.7bn in lost productivity.
Many security experts argue, however, that while SQL Slammer is easier to clean up, the worm was worse overall than Code Red--which attacked more servers but didn't affect infrastructure, such as financial systems.
"This worm did something that we have not seen before," said Peter Allor, director of operations for the Information Technology Information Sharing and Analysis Center (IT-ISAC). "In this case, the customer was affected," he said. "People weren't getting dial tones; airplanes couldn't fly; (and) ATMs weren't giving cash."
Data on computer viruses have always been lean. Putting a dollar figure on the losses incurred by malicious code is difficult at best, said Michael Gartenberg, research director for Internet industry watcher Jupiter Research.
"It is a billion soft dollars, and that is an important part of an equation," he said, stressing that the losses weren't actually coming out of companies' wallets. "Measuring productivity and translating it into dollars is a hard thing."
In the past, analysts have tried to bill a variety of events to lost productivity. Last May, outplacement service Challenger Gray and Christmas estimated that the first day of "Star Wars: Episode II -- Attack of the Clones" would cost firms $319m in lost productivity from workers calling in sick and taking days off. In addition, Internet monitoring software maker Websense estimated in May 2000 that a Webcast by underwear retailer Victoria Secret would cost businesses $120m in lost productivity. Mi2g's Matai said there is a big difference between those numbers and the losses incurred by malicious code.
"I don't think we are looking at productivity loss like that at all," he said. "We are looking at how many servers went down, what was the utilization of those servers and what kind of traffic didn't get through," he said. "The administrators could do nothing until they sorted all that mess out. So it is a different measure of productivity loss."
Let the editors know what you think in the Mailroom.
Did you find this article useful?
43 out of 79 people found this useful
- Share this article:
