4006_232@uwovax.uwo.ca (Mike Bennett) (03/20/89)
To the Net:
We are doing a paper on the econimic ������nomic effect
of last November's worm attack on the Internet.
Rumour has it that the cost of the attack was about
a hundred million dollars. Can anyone verify that figure?
Also, if anyone has oersoonal���������� personal examples of
real hjard����ars�dship caused by non-availability of the ����a computer
disabled by the worm, could you please forward the stories to me?
Also, examples of losa�t data, financila ���al costs incrued by the������������curred by
the��� attack would be welcome. We will be happy to post the
final results to the community.
The purpose of our research is to attempt to place a dololar����lar
and personal cost to such attacks that could eventually be
factored into risk analysis of viruses. These is no other
purpose for this request; please change names etc if you wish.
Thanx in advance
Mike Bennett, PhD������������������ Prof. M�Michael Bennett
ron@ron.rutgers.edu (Ron Natalie) (03/22/89)
Rutgers has a rather large internet network between it's campuses.
It took us about a man-day (two of us spent Thursday morning) fixing
up the various machines on campus to twart the bug.
The next day we spent about 5 man-days answering calls from the media.
Note, that the virus wasn't what caused us to spend the first man-day.
It was the security hole in the UNIX software that left the virus in.
We would have had to fix it anyway even if the bug was reported to us
in a more innocuous way than having a virus unleashed on us. The media
hype was directly related to the scare though.
Thus you would probably be correct in attributing $1920 (in very generous
salary and overhead money) to answering media inquiries directly associated
to the virus.
We've spent a lot of time checking over our security in the intervening
time, as have a lot of people, but the amount of money they spend beefing
up their security should not be attributed to the virus. It was a latent
problem that they should have been doing anyhow.
-Ron
smb@ulysses.homer.nj.att.com (Steven M. Bellovin) (03/23/89)
Thank you, Ron, for the sanest statement I've seen posted on the
worm/virus attack! At last, a note of sanity.