I also help "Mom" with all her computer problems. Her expenses for security & malware removal over the past few years have ranged from $50.00 for a security package to $99.00 for a visit to the local outlet of a national tech support service. Real & potential expenses have ranged from a low of $50 to a high of $800.00 (cost of a tech-service-recommended replacement computer (aaargh) + security software).
Microsoft, in a recent blog about the Waledac takedown, estimates that 70,000-90,000 computers were 'freed' from the botnet controllers. These 70,000-90,000 computers can no longer be controlled by the Waledac botmasters. However, they are far from being 'fixed.' Microsoft reports the computers remain infected with Waledac and other malware and some are still sending spam.
Some estimate of the enormous expense associated with fixing computers damaged by any type of scamware or malware can be made using the Microsoft estimate of the size of the Waledac botnet.
Taking that $70 Ahoier's mom believed was necessary for security software & multiplying it by 90,000 (the high-end estimate of computers recently freed by Microsoft, but still infected with Waledac and other malware), the minimum cost of fixing just the computers in the Waledac botnet = $6,300,000.00.
If we go the budget route on those 90,000 computers, another estimate of the minimum cost of malware removal and protection is $50.00 x 90,000 = $4,500,000.00.
If "Mom" did not have a tech-savvy person to help her, or if the infected computer belongs to a business that pays for staff or outside support for malware removal & protection support, a minimum cost estimate is $99.00. $99.00 x 90,000 = $8,910,000.00.
After one has been infected with something that requires professional support, the tendency is to purchase a better security package. This increases the cost of fixing a computer infected with malware. Total minimum estimated cost for 90,000 computers that require professional support + new security software is $8,910,000.00 + $4,500,000.00 = $13,410,000.00.
So, a very non-scientific estimate of the minimum potential costs to fix and protect the number of computers found in a reportedly small botnet such as Waledac ranges from $4,500,000.00 to $13,410,000.00. These estimates are only one part of the total cost of cybercrime. Additional costs include the mitigation and avoidance efforts made by legitimate network providers and security services to prevent or stop cybercrime activities.
Whenever I read news about a spammer receiving a small financial fine or a minimum prison sentence, I know the legal system here and elsewhere continues to operate in the dark about the actual personal and business damages associated with cybercrime.