Conficker cost may hit £6.2 billion

The economic cost of Conficker to governments, companies and individuals could be as high as $9.1 billion (£6.2 billion), according to a cyber security awareness group.

Depending on the number of infections - which may range from 200,000 to over 10 million - the cost of the virus could run between $200 million and $9.1 billion, the Cyber Secure Institute said.

The research group factored in wasted time, resources and energies, as well as direct costs in battling the worm, extrapolating the figure from studies involving similar attacks in the past. The group noted that the figure did not include lost opportunity costs - the hit to productivity the worm caused, keeping people from working on other projects.

Rob Housman, executive director of the Cyber Secure Institute, said in a statement that it was important to look at the 'totality' of the Conficker problem, and that it showed the ongoing vulnerabilities in IT systems and networks.

He said: "Whether or not Conficker turns out to be a sales tool for bogus Ukrainian security software or something much more destructive, the simple fact is that the Conficker worm has infected vast amounts of computers around the world."

On the Zero Day blog, independent security consultant and analyst Dancho Danchev said that the figure could be flawed as it included the cost of counter-measure software, which was virtually free.

He said that based on current agreements with security vendors, enterprises were supposed to be automatically protected from the worm. Danchev also said he personally never took rough estimates like these seriously.

He said: "There are simply way too many variables to take into consideration, especially the worm's global impact, the different allocation for asset protection across the world based on the local economic climate, and the efficiencies achieved in cleaning malware within a particular company.

"Factors that can greatly decrease or even increase the estimate," he added.

Conficker recently 'woke up' and downloaded a payload from servers.