Worms To Cost ISPs $245 Million In 2004

Waterloo, Ontario based research firm Sandvine Incorporated has just released a study featuring research that shows how Internet Service Providers handle the almost daily attacks from worms and viruses.

Though worms are usually associated with attacks on corporate networks, the malicious, malformed data traffic they generate is also wreaking havoc on service provider networks, degrading the broadband experience for home Internet users and imposing anywhere from thousands to millions in unplanned network and customer support costs directly related to thwarting attacks.

Working from metrics derived from customers and selected industry sources, Sandvine has calculated that worm attacks – small and large – will cost the North American service provider sector as much as $245 million in 2004.

$245 million includes the cost of specialised tactical response teams, swamping of customer support resources, inflated transit costs and perhaps most damaging over the long term, a loss of brand equity that aggravates the industry-wide problem of customer churn.

“The quickening pace of worm attacks makes understanding their impact on service providers increasingly urgent,” said Tom Donnelly, co-founder and VP, marketing and sales of Sandvine Incorporated. “Worms exact a massive toll by forcing service providers to mobilise premium resources in order to quell attacks and protect the subscriber experience. Uncovering the true costs and inefficiencies that worms impose on the broadband sector is crucial if we’re going to identify appropriate solutions.”

In addition to the onerous cost of large-scale attacks, Sandvine researchers have discovered another type of expensive worm activity: persistent, low-level attack traffic caused by remnants of previous worms that tenaciously cling-on to residential subscriber PCs. Cumulatively, worms of both magnitudes are now an operational preoccupation for network managers and a worrisome drag on ISP profit margins.

For more on the study, download Sandvine’s white paper “Worms gobbling broadband profits: The financial impact of attack traffic on service provider networks.”

For more about worms, their behavior at each stage of development and subscriber-friendly options for mitigating the impact of worm traffic, visit http://www.sandvine.com/solutions/download_center.asp.


  • Internet worms are wreaking havoc on service provider networks of all sizes, and will cost North American service providers as much as $245 million this year
  • Worms will cost the global service provider sector more than $370 million in 2004
  • In addition to event-level attacks (e.g. Slammer, Sobig) virtually all service provider networks continue to contain varying degrees of latent worm activity and experience daily Denial of Service (DoS) attacks
  • On any given day, between 2 and 12 per cent of all Internet traffic moving across service provider networks is malicious.  Even on well-run networks with dedicated security departments, malicious traffic constitutes, on average, 5 per cent of all data throughput
  • On any given day, approximately 5 per cent of the residential subscriber base is infected by some kind of worm and either actively propagating it or generating malicious traffic
  • This year, worm attacks large and small will cost a typical 100K-subscriber service provider almost $60,000 in avoidable transit fees.  A one million-sub provider will pay an additional $350,000
  • These impacts are intensified by the relative inability of service providers to mitigate malicious traffic on the network while worm and DoS attacks are underway