Singapore - The dreaded Code Red computer worm appeared to have left the Internet largely unscathed on Wednesday, but industry experts were left counting the cost of yet another virus alert that threatened global communications.
Security experts said they saw no immediate effect from the Code Red worm that was expected to have begun winding its way through Web servers from the stroke of August 1, but they cautioned that more time was needed to assess its full impact.
The worm, a benign sort of software virus that affects computers running certain types of operating system, has struck twice before, hitting hundreds of thousands of computers.
But millions of computer users have been better prepared this time, courtesy of a free software patch that catches the worm before it turns.
The US government, which appeared to be the target of previous manifestations of the virus, said it had not been affected.
Asian governments told a similar story.
"Currently all government and private-sector watch centres are not reporting any unusual activity associated with the Code Red virus," said Ronald Dick, director of the US National Infrastructure Protection Center (NIPC).
The Japanese government's agency for IT security said its saw no signs of damage by Code Red, as did Hong Kong's Computer Emergency Response Team Coordination Centre.
Keynote Systems, an American company which monitors traffic for the worldwide Web, reported the Internet appeared normal at a sample of the most-visited sites - including portals Yahoo, Google and Excite.
"If the proliferation of the worm and its resulting traffic was going to effect Internet performance it would surely be seen in these sites," Keynote spokeperson Mary Lindsay said. "So I guess it remains to be seen... Everything is quiet."
"Not a lot is happening, which is pretty much what we expected," said Michael Lyle, chief technology officer at Silicon Valley computer security firm Recourse Technologies Inc. "We've seen a few Code Red probes going out, but in the grand scheme of things it is quite small."
While the worm has the potential to slow overall Internet traffic to a crawl, the damage it causes will depend on how many computers have plugged the software hole it exploits, and whether a new variant emerges to target other Web sites for attempted shutdown.
"What we don't know is if these new variants, when they wake up, will launch a massive... attack against a new website," said Fred Rica, a security manager at PricewaterhouseCoopers.
The worm was originally written to instruct the computers it infects to flood the White House Web site with messages and effectively shut it down. White House officials escaped that first attack on July 19 by changing the numeric Internet address of the site.
Code Red bombards websites with a crippling amount of traffic, making them inaccessible to legitimate users.
It stealthily gains entry to Web servers when users call up a page and attacks computers running Microsoft's Windows NT and Windows 2000 operating systems. Windows 95, 98 and Microsoft Me users are generally not vulnerable.
For infected computers, turning the machine off and then on gets rid of the worm but does not provide immunity from future infection.
"It's like something out of 'Invasion of the Body Snatchers'," said Internet security expert Alan Matthews, referring to a science fiction film in which human bodies were taken over by alien life forms.
But Matthews, chief of New York-based Rapid 7, which develops network software security, said most big businesses and organisations had been aware of the threat and had already taken precautions - most notably the software patch available from www.digitalisland.net/codered.
"I think that the problem comes from small business, who have not the skill-set to be able to detect their systems and determine whether they are infected and it's going to take a while," Matthews said. "It's going to have a half-life of a couple of months."
The worm is named for a caffein-laced soft drink favoured by computer programmers.
The original version also defaced sites hosted by infected computers and some affected sites showed the message "Hacked by Chinese!" afterwards - although the Chinese government said the worm probably didn't originate there.
Even as network security experts tracked the progress of the bug, one research organisation attempted an initial tally of its economic costs.
Computer Economics, based in Carlsbad, California, estimated that Code Red has already cost an estimated $1,2-billion (about R9,78-billion) in damage to networks, ranking it below last year's Love Bug virus ($8,7-billion) but above the Melissa virus of 1999 ($1-billion) in terms of destructiveness.
The cost of clean-up, monitoring and checking systems for the Code Red, which has infected about 360 000 servers, was near $740-million, said Michael Erbschloe, vice president of research at Computer Economics.
The loss of productivity associated with the worm was near $450-million, he said.
"Information technology people are not cheap," he said. "A lot of companies have outsourced this and they have to pay sometimes $300 an hour to have people come in and look at their servers." - Reuters