Viruses, Spyware Cost Users $7.8 Billion

By Kim Hart
Washington Post Staff Writer
Tuesday, August 8, 2006

Consumers paid as much $7.8 billion over two years to repair or replace computers that got infected with viruses and spyware, a Consumer Reports survey found.

That figure was down from a similar survey a year ago. Still, it suggests that people are paying large sums to cope with the flood of malicious viruses and other programs that can slow computers or render them inoperable.

"There is a very high national cost to this," said Jeff Fox, technology editor of the consumer magazine. "People think they're invincible, even when this kind of money is involved."

In a nationwide survey, the magazine found that unwanted commercial e-mail, known as spam, is the biggest computer-security problem. But viruses are the most expensive, with people paying $5.2 billion in 2004 and 2005 to repair or replace afflicted machines, the survey found.

Infections of spyware, a type of software that can track computer users' habits or collect sensitive information about them, declined slightly in the past six months, the survey found. But such infections caused almost 1 million U.S. households to replace their computers, the survey found.

Losses from phishing scams, which are fake e-mails and Web pages that request sensitive data such as bank-account passwords, increased five-fold from the previous survey, with people telling the magazine that such scams cost them $630 million in 2004 and 2005. That's an average loss of $850 per incident.

"Phishing scams are worse than they've ever been," Fox said. "The bad guys are getting very sophisticated."

Some experts caution, however, that surveys in which people are asked about financial losses can produce overestimates.

"The numbers could possibly be inflated by the way the questions are phrased, especially in an area in which most people aren't very articulate," said Robert Lichter, who runs a statistical center at George Mason University. "The people surveyed may have a very vague sense of what these things are."

Other organizations that monitor Internet fraud complaints also point to growth in cybercrime. Internet-related complaints made up nearly half of all fraud complaints received by the Federal Trade Commission in 2005, with people claiming losses of $335 million.

And financial losses reported to the Internet Crime Complaint Center, a joint effort of the FBI and the National White Collar Crime Center, tripled in 2005, to $183 million, compared with the previous year.

"It's hard to tell who's losing the money -- the insurance company, the credit card company or the consumer -- but it's coming out of someone's pockets," said Dan Hubbard, vice president of security and research for Websense Inc.

While attacks used to be mostly nuisances, they have become more threatening, said Dave Cole, director of security response at Symantec Corp., a leading computer security company. Many of today's spam and phishing attacks target consumers' personal information with the intention of stealing money or in some cases, identities.

"There's a level of invasiveness a lot of people wouldn't expect," he said.

The Consumer Reports survey of 2,000 households found that 20 percent of respondents didn't have antivirus software and that 35 percent didn't use spyware-blocking software. As the Internet gains more users, it's important to educate them on the security risks, Cole said.

The survey results are to be published in the September issue of Consumer Reports.

© 2006 The Washington Post Company