Public Utilities Reports

PUR Guide 2012 Fully Updated Version

Available NOW!
PUR Guide

This comprehensive self-study certification course is designed to teach the novice or pro everything they need to understand and succeed in every phase of the public utilities business.

Order Now

What's new at the Firewall

Utilities search for ways to combat viruses and spam.
Fortnightly Magazine - January 2004

is productivity loss-the amount of time it takes employees to delete or otherwise deal with spam. Experts estimate the average user takes about five seconds to deal with each piece of spam in their in-boxes. Some, of course, who are less educated about spam take even longer to deal with each unwanted e-mail.

The bottom line is that spam costs utilities hundreds of thousands of dollars annually. Making a few conservative assumptions, Fortnightly calculates that for a 3,000-employee utility, the average annual cost of spam is a mind-boggling $1,758,200 (for details of the calculation, see sidebar.)

The Morphing of Spam and Viruses

While the financial costs of spam are nothing to sneeze at, in the last few months of 2003, it became clear that the threat from spam quickly is becoming more than financial. It is also becoming a security issue as well.

According to Nathan Turajski, global product manager at Trend Micro, spam and viruses have started to converge. "We're seeing a lot more hybrid behaviors out there that indicate in the long term, this is going to be a malicious code problem and not a pure spam problem." For example, some of the payloads from 2003's Sobig virus would install themselves as a software that acted as a server to continue sending itself, or another payload, sent out via an unsuspecting company's mail server. This is a different kind of behavior from earlier viruses like Melissa and I LUV U, which made use only of individual address books in the Outlook e-mail client.

As Turajski points out, he is "seeing a lot of malicious code writers adopting spamming as a way to modify their activities, and we're seeing spammers learning from the malicious code writers about how to best propagate their spam over wide-area networks."

Outlawing Spam?

Congress has considered bills to minimize or outlaw spam for six years, but they got very little traction until this year. Then, a confluence of events pushed the Can Spam Act through both houses of Congress, and at press time, to an expected signature by the president.

First were the increasingly vociferous complaints about spam by constituents to their congressional representatives. Then, legislators saw the wild popularity of the Federal Trade Commission's Do Not Call list. But what really seemed to propel the bill was a study by Brightmail, a San Francisco anti-spam firm. According to that September 2003 study, spam had leapt to 54 percent of e-mail in the average in-box, compared to a mere 8 percent only two years before.

But while consumers may feel that Congress has addressed the spam problem, the tech cognoscenti disagrees.

"The majority of our customers don't see legislation as being the answer [to spam]," says Turajski. First, spammers, like virus propagators, are expert at hiding their origins. Moreover, the European Union outlawed spam last year, he notes, but it didn't solve the problem. Instead, spammers merely moved their servers offshore. "There's not a lot of faith in the legislative aspect," Turajski maintains. Most customers want a "technology answer" to spam, he says.

Postal Inspectors Go