Despite increased spending, the rate of malicious code infection continues to climb. A staggering 1.2 million incidents took place over a period of just 20 months, according to a new study.

The number works out to roughly 113 attacks per 1,000 machines per month, said ICSA Labs, a division of web security specialist TruSecure.

In addition, 28 per cent of companies were hit with a virus 'disaster', defined as an attack which affects 25 or more servers or PCs.

The figure is down from 51 per cent in the 2000 survey, but the company pointed out that the study was carried out shortly before the Nimda virus hit users worldwide.

ICSA's research found that companies spent an average of between $100,000 and $1m per year as a result of desktop oriented disasters involving both hardware and software. It also reported an increase in the number of multiple vector threats.

A significant reason for the success of Nimda was that it embodied five major infection vectors: web server to web server, browser, mail, shares and viral.

"We expect to see the most successful worms in the next two years exploiting this strategy of multiple infection vectors," said Larry Bridwell, content security programs manager at ICSA, and co-author of the report.

He explained that the likelihood of a company experiencing a computer virus or worm has approximately doubled for each of the past survey years, from 1996 to 1999, and has continued to grow by approximately 15 per cent per year for the two years since 1999.

Sponsored by Gantz-Wiley Research, Network Associates, Panda Software and Symantec, the survey canvassed 300 companies and government agencies to collect information about virus problems in computer networks.