Microsoft support stats show Sasser spread

Microsoft Australia was fielding up to 350 calls per hour related to Sasser at its peak, showing how fast the worm was moving around the Internet

Microsoft Australia has given its account of events inside its call centre during the days following the Sasser virus outbreak, revealing the awesome speed at which the virus spread.

On the morning of Tuesday 4 May, just as millions US workers were shaking off the Monday blues and heading home, Australians were switching on their PCs and logging on to the Internet.

Sometime during the previous night Sasser, the network virus reported to be spreading without human intervention four days earlier, slipped into Australian networks.

According Microsoft Australia, by 10 a.m. on 4 May its support centre had received an estimated 75 calls from customers. By the end of the day that number had risen to 4,000 -- nearly all enquiries from people wanting to know how to detect and remove Sasser.

At its peak around lunchtime, Microsoft said customer call-rates at its support centre climbed to 350 per hour.

"Call centre staff numbers were doubled and telephone lines increased to accommodate call volume. Additionally, Microsoft Australia opened the call centre over the weekend of 8 May to further provide assistance to those people calling from home," said a spokesperson for Microsoft.

Throughout the following week, Microsoft took around 16,000 calls. Microsoft estimates that call times averaged around 10 minutes, adding an estimated 2,700 man-hours to its output.

Based on current CEPU estimates for call centre wage rates, Microsoft Australia -- just one of many Australia-based IT operations supporting customers through the outbreak -- spent at least $40,000 to $53,000 on additional labour to deal with the virus.

That excludes the cost of opening its call centre over the weekend and opening extra phone lines to accommodate callers.

Last year Microsoft released just over 50 security advisories and software patches to address separate vulnerabilities discovered in its operating systems. The software company has since changed its reporting mechanism and currently bundles multiple vulnerabilities into each advisory and its associated patch.

According to security sources one such recent advisory, MS04-011, patches around 12 separate security vulnerabilities.

The rate at which new vulnerabilities are discovered is difficult to estimate as most are passed on to the company in confidence to prevent them being discovered by miscreants before the company has a chance to patch them.

For more coverage on ZDNet Australia, click here.