MARKET NOTICE
December 5, 2001
CAISO Antivirus Program
ISO Market Participants:
As you know, yesterday (December 4, 2001) hundreds of thousands of e-mail
users were hit  by the "Goner" worm virus.  Unfortunately, e-mail messages
from the ISO inadvertently spread this virus to many of your work stations.
The ISO is very concerned that it not spread such viruses either within the
CAISO or to the ISO's Market Participants.  We sincerely regret any
inconvenience this may have caused you.  
Several Market Participants have asked about the ISO's procedures for
protecting against and responding to computer virus attacks.  We would like
to update you on our procedures that allow the ISO to detect a virus,
isolate it  quickly, implement countermeasures until the antivirus upgrade
is available and clean and restore our systems (servers and PCs).
The California ISO sends and receives thousands of electronic messages every
day because of who we are and what we do.  During the normal course of
business, the majority of these messages contain attachments exchanging and
providing information.  One method used by malicious programs (Viruses,
Worms, and Trojan-Horses) to spread is by electronic mail.
It is the attachment that carries the malicious program, not the email
itself.  So, when a user opens an infected executable file, the malicious
program is activated and initiates what it is programmed to do.  Examples of
executable files that may be infected include, but not limited to, Word
documents (.doc), Excel spreadsheets (.xls), or Visual Basic files (.vbs).
CAISO's Antivirus Program uses a three-tiered approach where scanning
(detect, clean or delete) is performed on email messages with attachments at
the Gateway Servers, the Mail Servers, and Users' PCs and Laptops.  All
incoming and outgoing email with attachments are scanned for all known
viruses.
That is a key element of an antivirus program.  New viruses or new strains
of computer viruses, worms, and Trojan-Horses are discovered at an alarming
rate.  Antivirus manufacturers try to keep up with the new discoveries and
try to be the first to market with the updates.  There are over 50,000 known
active viruses circulating the Internet today.
On December 4, CAISO experienced a malicious program--Goner Worm--attack
that contaminated our electronic mailing system sometime around 8:30 a.m.
The Goner Worm was a brand new program so our antivirus software was unable
to detect it.  Antivirus software manufacturers discovered this worm on
December 4, between 7:00 and 8:00 a.m.  Later that day, most manufacturers
developed an update to address the Goner Worm.  CAISO received the new
update around 12:00 p.m. and by 3: 30 p.m. our Antivirus Team had our email
system fully restored and functional.
Unfortunately, during the time it took to recover (about 5.5 hours), many
messages were sent out automatically.  We apologize for any inconvenience
this may have caused you.  

CAISO strongly recommends that all users take prudent measures to protect
themselves from malicious program contamination.  Precautions all users
should consider include:
*	Unsolicited email messages with attachments from unknown origins
should not be opened, but deleted. 
*	When in doubt, DELETE. 
*	All email attachments must be scanned before opening. 
*	Ensure that your antivirus software is updated regularly and often.
Although we are confident that our precautions ensure virus free
attachments, it is always prudent to always scan the attachments with your
own antivirus software.  Please contact your internal IT security department
for additional information regarding your antivirus program and procedures.
Client Relations Communications.0715
CRCommunications@caiso.com <mailto:CRCommunications@caiso.com>