SPACE WIRE
The virus war, a battle between good and evil in cyberspace
HELSINKI (AFP) Sep 10, 2003
It's a battle against time and potentially immeasurable damage as Katrin Tocheva's eyes scan an endless stream of code, searching for an opening that will help her unravel yet another virus that risks knocking out computers worldwide.

This summer has been one of the busiest Tocheva has experienced as a virus-cracker, as bugs with names like Lovsan, Blaster and Sobig have wreaked havoc around the world.

And with the next big virus attack expected to come on or around Wednesday, her work has not eased up a bit, says the Bulgarian computer whiz in charge of Finnish firm F-Secure's anti-virus lab.

Nobody knows how much damage is caused by the thousands of viruses released each year, but estimates start around 100 million euros (dollars) and exceed one billion.

Tocheva laments the fact that the damage caused by most virus outbreaks could be limited if computer users would only update their anti-virus software regularly or take normal precautions when opening e-mail attachments.

"Most viruses are a piece of cake to solve," Tocheva says with a shrug, her eyes never leaving the computer screen displaying the latest bug to hit her e-mail inbox.

Tocheva's is one of a handful of teams worldwide responsible for combating viruses to prevent them from infecting the globe's data systems.

Every day they let up to 10 new viruses infect their computers to see how they work, find their weaknesses and ultimately neutralize them.

Usually it takes only a few minutes for the team to crack a virus and release antidote software, while a severe case might need a couple hours of work.

"The truth is, 99 percent of the viruses are rather harmless, and more often than not, faulty stuff done by teenagers and amateurs," said Veli-Jussi Kesti, a battle-hardened veteran on her team.

Ero Carrera, another expert, nods in agreement.

"Many of them are just kids, lonely and with too much time on their hands. For them viruses are cyberspace graffiti. They want to read in the press about their viruses and the damage they have done."

Often they use a virus-building kit found on the web, lumping parts of it together with a new virus, without doing any sophisticated programming themselves.

"And then they release it on the web, without testing it, to see what happens," Carrera says, adding: "Usually it's nothing."

Still, the team has to make counter-software for each new virus, however insignificant it is.

Meanwhile, Tocheva has finished checking the latest bug and sends it over to Gergely Erdelyi, a Hungarian researcher on her team.

To the uninitiated, the text that scrolls past his eyes looks more like the effects of somebody sitting on a computer keyboard than a computer program.

"It's binary code," he explains.

Running it through translation software, Erdelyi quickly turns it into a more readable programming language.

Then he breaks the virus down into its individual parts, running them separately on an isolated test computer to find out what each part does. Soon he has identified its vital functions and found its "fingerprint", or characteristics.

That done, he can easily write a piece of software that detects the virus.

While the typical virus maker is a lone amateur or activist targeting specific firms -- Microsoft being among the most popular -- Tocheva's team has lately seen some more sophisticated bugs, most likely made by organizations.

This includes the Sobig family of viruses, where the latest incarnation recently clogged corporate networks with hundreds of millions of spam e-mails.

"All Sobig viruses are clearly made by the same group. It looks like a project somebody has ordered, maybe e-mail marketers with criminal intent," Carrera said, noting that the virus had secretly retrieved e-mail addresses from computers.

Another characteristic of the Sobig family is that each variant is set to expire, or die, on a given date, when a new variant is released.

The next time that is expected to happen is around September 10, Tocheva said.

"So we might be in for a surprise," she said, adding reassuringly that her team had yet to come across a virus it couldn't crack.
