The Code Warrior; The nightmare began in August with Blaster, a new kind of virus, which infected computers through their Internet connections, without e-mails or attachments, replicated on its own, and may have played a role in the recent blackout in the U.S. Northeast.

BYLINE: Michael Shnayerson

In Edgar Allan Poe's classic story "The Mask of the Red Death," an uninvited guest slips into a costume ball, his mask in place, and mingles with the crowd until the clock strikes midnight. Only then do the horrified onlookers realize that he's infected them with a deadly plague.

So, on the morning of August 18, 2003, did a masked guest enter an Internet newsgroup to infect his cyber-companions with the widest-spreading and most costly e-mail virus of all time.

His mask was a stolen credit-card number. The ballroom was an Internet-service provider called EasyNews, floating in cyberspace but tethered to a business address in Phoenix, Arizona. Seven minutes after opening his EasyNews account, the guest entered a newsgroup dedicated to pornography. "Thank you!" read one of the subject lines of the message he posted to the newsgroup's patrons. "Re: Details," read another. The message had an attachment ostensibly containing pornographic images. Greedily, many of the guests clicked it open, only to be infected. And so began SoBig.F, a virus that sent unsolicited e-mails-hundreds of millions in all-around the world.

The e-mail flood disrupted businesses from Starbucks and FedEx to AOL Time Warner, ultimately resulting in estimated losses and costs of $14.6 billion worldwide, a new record, according to mi2g, a digital risk-consulting firm in London. At least a million computers were blitzed-some with thousands of e-mails each day. But that was just the start. Encrypted in the virus's code was a second stage, timed to launch later that week. Every computer infected with SoBig.F would download a mysterious program from an unknown Web site. Would the program wipe out the data on the owners' hard drives? Steal their passwords or credit-card numbers? Recruit them in a campaign of cyber-warfare?

With the fateful hour looming, virus hunters around the world vied with one another to crack the encryption, both to avert what could be a global computer calamity and to earn the glory of stopping the most complex virus yet. Some were at Microsoft in Washington State, others at Computer Associates on Long Island, Symantec and Network Associates in California, and still others at Britain's Sophos P.L.C. and Tokyo's Trend Micro. These were the industry leaders. Yet all knew they had a colleague to reckon with: Mikko Hypponen, a 34-year-old Finn with a blond ponytail, who worked at a small, Helsinki-based company called F-Secure.

In an office devoid of decoration or personal effects, Hypponen bent over his laptop and scrolled through 2,000 pages of SoBig.F virus code, calling out orders to a team of young Europeans down the hall. Beside him, a forgotten cup of black coffee grew cold. Outside, unnoticed, a precious Nordic summer day rose, shimmered, and began to fade.

To a first-time visitor, everything in Helsinki seems to work just as it should. The airport is spotless and hassle-free; the taxis are new Mercedeses, whose drivers hold forth with the erudition of college professors; the streets are clean-swept and uncrowded, the buildings a cheery mix of wedding-cake Art Nouveau and soaring modernism. A liberal spirit prevails: Finland's wildly popular president, Tarja Halonen, was a single woman upon her election, in February 2000, and only afterward married her steady beau. And everywhere in this old seaport is the happy hum of new money, thanks to Nokia, the onetime maker of rubber boots whose mobile phones spawned an industry and made Helsinki one of the European Union's fastest-growing cities.

No surprise, then, that the boom in I.T.-information technology-has fostered a plucky start-up here to guard that information from hackers and virus writers. F-Secure-the name means nothing, but to its founders sounded "cool"-went public in November 1999 during the dot-com wave and saw its stock soar more than a thousand percent, briefly making its young C.E.O., Risto Siilasmaa, the richest man in Finland, to his utter mortification. (Finns are different.) The stock is back where it started, but the company is profitable, in large part because of its crack anti-virus team.

Siilasmaa and the corporate brass enjoy harbor views from the modernist glass boxes where F-Secure has its headquarters, in an industrial area at the western end of Helsinki. Hypponen and his young programmers look out the back from bare, unlit offices onto a dreary street, but none seems to mind: their eyes are glued to their computer screens. Some 600 viruses hit the Internet each month-more than 80,000 have plagued it to date-and Hypponen's team has to deal with most of them, posting fixes online twice a day to the far-flung corporate clients of F-Secure's anti-virus program. The pressure, especially when a Level One virus hits, is intense.

"This year, 2003, was the worst in virus history," says Hypponen, whose good looks, easygoing charm, and perfect command of American jargon make him stand out in your average gathering of European computer wonks. In that terrible year, he says, one month was the worst: "The whole of August was just a nightmare."

It started with a virus called Blaster. …