Nimda, Code Red and other malicious code are chewing up big dollars and bandwidth forcing Australian enterprise and Internet service providers (ISPs) to foot the bill.
An unseen aspect of malicious code is that companies and ISPs are left to deal with the bill for the download and, in the case of denial of service (DoS) attacks, bandwidth and dollars are squandered at a wholesale rate.
ISPs' downloads and upstream costs do not differentiate between malicious code and wanted data. This means, depending on the ISP cost model, companies or ISPs have to pay for communication costs whether they be bona fide or unsolicited.
Glenn Miller, managing director of Janteknology, said the cost of the download is an unintentional anomaly of virus and worm attacks and ISPs are the worst affected.
"ISPs are getting it in the neck," he said.
"The cost for downloading data is 19 cents per megabyte of data. For an ISP, the added traffic caused by viruses and worms could add an extra $1 per day per customer that's been hacked. Multiply that by the number of people on the Net and you're looking at massive amounts of money, say $500 to $1000 a day," Miller said.
"Effectively, the ISP could be absorbing an extra $1000 a day as a result of hack attacks."
Although Miller said it is not the telcos' fault, it delivers windfall revenue to them at the end of the day.
"Imagine the costs to a company that's actually being hit by a full-on DoS attack?"
Internode's managing director Simon Hackett said the extent to which an ISP or an enterprise is hit by the increase in traffic caused by malicious code depends on an ISPs cost model.
"Most ISPs in business today are not offering unlimited download deals to customers, but charge the customers for excessive downloads and therefore pass on the cost of virus attacks to their customers, so the amount of overhead is not too bad," he said.
"For enterprises paying a fixed amount, a DoS attack will cost you speed, but it won't raise the bill. The ISP will block the cost for you. The disadvantage of a fixed plan is you're paying more in the quiet months. If you're paying per Mb it will raise the bill.
"It's a definite economic risk. That's the way the Australian Internet industry works. That's an economic danger in this country.
"To date it hasn't been such a big issue. But it will become a bigger issue with more and more people going onto faster connections," Hackett said.
David White, systems engineering manager, South Asia-Pacific region, Foundry Networks, said in the case of DoS attacks the problem is compounded.
"DoS attacks can consume considerable bandwidth and generate significant traffic which a customer may have to pay for," Whyte said.
"The introduction of broadband has resulted in ISP billing based on download, and in some cases upload as well, rather than timed billing of traditional dial-up services. The problem is significant.
"Customers of ISPs have a right to be protected from DoS attacks and viruses such as Nimda, Code Red and the like. ISPs have an opportunity to differentiate themselves by providing protection as a value-added service," Whyte said.
