4006_232@uwovax.uwo.ca (Mike Bennett) (03/20/89)
To the Net: We are doing a paper on the econimic nomic effect of last November's worm attack on the Internet. Rumour has it that the cost of the attack was about a hundred million dollars. Can anyone verify that figure? Also, if anyone has oersoonal personal examples of real hjardarsdship caused by non-availability of the a computer disabled by the worm, could you please forward the stories to me? Also, examples of losat data, financila al costs incrued by thecurred by the attack would be welcome. We will be happy to post the final results to the community. The purpose of our research is to attempt to place a dololarlar and personal cost to such attacks that could eventually be factored into risk analysis of viruses. These is no other purpose for this request; please change names etc if you wish. Thanx in advance Mike Bennett, PhD Prof. MMichael Bennett
ron@ron.rutgers.edu (Ron Natalie) (03/22/89)
Rutgers has a rather large internet network between it's campuses. It took us about a man-day (two of us spent Thursday morning) fixing up the various machines on campus to twart the bug. The next day we spent about 5 man-days answering calls from the media. Note, that the virus wasn't what caused us to spend the first man-day. It was the security hole in the UNIX software that left the virus in. We would have had to fix it anyway even if the bug was reported to us in a more innocuous way than having a virus unleashed on us. The media hype was directly related to the scare though. Thus you would probably be correct in attributing $1920 (in very generous salary and overhead money) to answering media inquiries directly associated to the virus. We've spent a lot of time checking over our security in the intervening time, as have a lot of people, but the amount of money they spend beefing up their security should not be attributed to the virus. It was a latent problem that they should have been doing anyhow. -Ron
smb@ulysses.homer.nj.att.com (Steven M. Bellovin) (03/23/89)
Thank you, Ron, for the sanest statement I've seen posted on the worm/virus attack! At last, a note of sanity.