Counting the cost of Slammer

Analyst firms have begun to weigh in with initial estimates of the damage done by the SQL Slammer worm, the virulent program that spread quickly throughout the internet last week.

On Thursday, security specialist Mi2g said that the worm caused between $950m and $1.2bn lost productivity in its first five days worldwide. That puts the worm at number nine on the company's list of the most costly malicious code, behind the likes of the Code Red worm, with its average of $2.6bn in productivity loss; the LoveLetter virus, with $8.8bn; and the Klez virus, with $9bn. D.K. Matai, CEO of Mi2g, said: "For all the hype of Slammer, it is not as dire as many people think. Just in case you think the sky fell down... it didn't."

The estimates are the first to try and measure the effects of the latest worm to hit systems. The SQL Slammer worm spread throughout the internet late on 24 January, and the sheer quantity of data produced by infected servers clogged the electronic arteries of company networks, downed banks networks and ATMs and slowed some people's access to the internet.

Another analyst firm came up with similar estimates that measured the cost of clean-up rather than of lost productivity. Technology market researcher Computer Economics estimates that the worm cost between $750m and $1bn to clean up, said Mark McManus, vice president of technology and research.

"The labour costs, although significant, weren't as bad as Code Red," McManus said. Analysts at Computer Economics had estimated that the LoveLetter virus cost almost a billion dollars in cleanup and more than $7.7bn in lost productivity.

Many security experts argue, however, that while SQL Slammer is easier to clean up, the worm was worse overall than Code Red - which attacked more servers but didn't affect infrastructure, such as financial systems.

Peter Allor, director of operations for the Information Technology Information Sharing and Analysis Center (IT-ISAC), said: "This worm did something that we have not seen before. In this case, the customer was affected. People weren't getting dial tones; airplanes couldn't fly; (and) ATMs weren't giving cash."