Security

 
 
Online Security: Viruses

 

Whether it destroys data or just clogs up your system, a computer virus is something you do not want to catch, says Dianne See Morrison.

Some computer viruses spread themselves from computer to computer. Some flash political messages. Some make small men walk around the computer screen, or open and close the CD drive door every five minutes.

Others are more destructive. They delete or corrupt data. They steal data and passwords and publish them on the Web. They disable hardware or wipe out entire hard drives.

Then there's the new breed of virus, like Slammer, which in February 2003 took less than 30 minutes to bring the Internet to a crawl. In its wake, clogged computer systems shut down, setting off a chain reaction. In the US, flights were grounded, ATMs malfunctioned and in some cities 911 emergency services were inaccessible.

A computer virus, says Graham Cluely, senior technology consultant at anti-virus software firm Sophos, is just a program that spreads across networks by attaching to other programs and making copies of itself. They have come a long way since 1986, when the first virus was released. Brain was a virus created by two brothers fed up with users pirating the software they had created for physicians. It didn't do much damage, just putting a copy of itself and a copyright message on any floppy disk copies their customers made.

Viruses spread through infected floppy disks would dominate for the next nine years. Then in the mid-1990s came the macro virus, spread through Microsoft Word or Excel documents. In 1999 the email virus emerged and still dominates today. The Love Bug worm is still the biggest virus case ever, with an estimated 50m infected machines. "People can't seem to resist clicking on an email attachment, and virus writers know that," says Kevin Hogan, senior manager of Symantec's EMEA security response group.

Viruses, however, are growing even more complex. Both Sophos and Symantec believe that email worms are peaking and may soon give way to a more dangerous threat. Bored virus writers are moving on to network worms, also called a 'blended threat'. These worms, like the Slammer virus, combine the old-style hacking techniques of exploiting vulnerabilities in the operating system, middleware or software of a computer with the replicating qualities of a virus. They're usually written to spread themselves, but some may have a payload that can inflict direct damage as well. Slammer was written to spread itself and didn't have a dangerous payload attached. Still, it consumed so much bandwidth as it spread that it was able to bring the Internet almost to a halt.

What makes network worms particularly dangerous is that they don't necessarily need human interaction to set them off. For example, says Hogan, they may initially spread through email, but once they detect they're on a machine that happens to be connected to a company's local-area network, they can start hopping across the network, and at lightning speed.

While Cluely says it's very difficult to pin down the exact cost of the damage viruses cause, there's no doubt companies pay not only in pounds but also in lost productivity. ICSA Labs, a computer security research firm, reports in its 2002 Virus Prevalence Survey of US firms that the amount of time lost to fully recover from security disasters is on average 23 days. The average reported cost for a disaster was $81,000 (£42,000), up from $69,000 (£35,800) in 2001. ICSA believes these numbers are on the low side, and that when both hard and soft costs are taken into account, the complete cost of recovery could be between $75,000 and $1m (£39,000-£52,000).

So how can companies prevent themselves from being infected? The first rule, says Hogan, is to "be wary". Companies need to set basic rules and guidelines to deal with viruses. "They must make sure their employees know there's a risk and how to prevent it," he says. For example, a simple rule warning employees not to open attachments from unknown sources can prevent infection. "If you're unsure of the person who has sent the email to you, ring them up and find out that it is from them before opening it," he adds.


Ensure that anti-virus software is installed on every computer in the company, especially laptops. This should be used in conjunction with a firewall, a security system that resides between the Internet and a company's internal network and only permits authorised traffic to enter. As Hogan notes, anti-virus software is virtually powerless against new network worms. Because the Slammer bug spread so quickly, there was little hope of anti-virus vendors securing a sample, analysing it, building an antidote, testing it and shipping it to customers. A properly configured firewall, however, would have stopped it.

Mikko Hyponnen, director of anti-virus research at Finnish anti-virus software company F-Secure, warns that companies need to make sure their internal networks are protected too. "Some companies may have good email filtering and several layers of firewalls preventing access from outside. But if something does gain access to the internal network, all bets are off," he says.

For example, say a salesperson takes their laptop on a business trip and it becomes infected while at a client's offices. Once the salesperson returns to their office and hooks into the internal network, if there aren't firewalls protecting it, the virus can spread. "Once people understood what Slammer was and how it worked, it was relatively easy to block it. But trying to remove it was another thing," notes Hogan. "It was bouncing around on internal networks for months."

Smaller businesses that don't have the expertise or resources to deal effectively with their security systems could outsource this function. More service providers are offering firewall-type services and virus scanning for small offices.

Hyponnen concedes it's a "psychological step" to allow the remote management of security services. But the alternative could be much worse.

 
Copyright 2006, www.softwareforen.net