Internet economy

Computer Viruses and Other Malicious Software: A Threat to the Internet Economy

 

Return to > Information security and privacy > Security > Malware and botnets

 

‌ISBN: 978-92-64-05650-3
Pages: 244
Published: March 2009

Table of contents | Read online | Get the book  


Spurred by the prevalence of always-on, high-speed connections, the Internet has become a powerful tool for enhancing innovation and productivity. The increasing dependence on the Internet and other communication networks, however, means the Internet has also become a popular and efficient way to spread computer viruses and other types of malicious software (malware).


"Viruses", "worms" and "zombies" might sound like science fiction, but they are in fact the reality presented by the spread of malware. The power and threat of malware are that it can infiltrate, manipulate or damage individual computers, as well as entire electronic information networks, without users knowing anything is amiss. All of this has brought the electronic world to an important juncture.

Malware attacks are increasing in both frequency and sophistication, thus posing a serious threat to the Internet economy and to national security. Concurrently, efforts to fight malware are not up to the task of addressing this growing global threat; malware response and mitigation efforts are essentially fragmented, local and mainly reactive.


A wide range of communities and actors – from policy makers to Internet Service Providers to end users – all play a role in combating malware. But there is still limited knowledge, understanding, organisation and delineation of the roles and responsibilities of each of these actors. Improvements can be made in many areas, and international co-operation would benefit greatly in areas such as: proactive prevention (education, guidelines and standards, research and development); improved legal frameworks; stronger law enforcement; improved tech industry practices; and better alignment of economic incentives with societal benefits.


This book is a first step toward addressing the threat of malware in a comprehensive, global manner. It has three major aims:

  • to inform policy makers about malware -- its growth, evolution and countermeasures to combat it;
  • to present new research into the economic incentives driving cyber-security decisions; and
  • to make specific suggestions on how the international community can better work together to address the problem.

It was developed by the OECD in partnership with the Asia Pacific Economic Co-operation Telecommunication and Information Working Group (APEC TEL).


Table of contents

Executive Summary

Background

Part I. The Scope of Malware

Chapter 1. An Overview of Malware
What is malware? | How does malware work? | Malware on mobile devices | The malware Internet: botnets | What are botnets used for? | Botnets command and control (C&C) models | Botnet figures | Botnets and broadband | Spam and botnets | The role of blacklists in combating botnets

Chapter 2. Malware Attacks: Why, When and How?
Types of malware attacks | Indirect attacks on the DNS | Attacks that modify data | Attacks on identity | Attacks on single and multi-factor authentication | Attacks on digital certificates and secure socket layer (SSL) | Why attacks are perpertrated | Malware attack trends | Origin of malware attacks | The malicious actors | The malware business model

Chapter 3. Malware: Why Should We Be Concerned?
Malware-enabling factors | The costs of malware | Challenges to fighting malware

Part II. The Economics of Malware

Chapter 4. Cybersecurity and Economic Incentives
Increased focus on incentive structures | The economic perspective

Chapter 5. Survey of Market Participants: What Drives Their Security Decisions?
Internet service providers (ISPs) | E-commerce companies | Software vendors | Domain registrars | End users | Annex: List of interviewees

Chapter 6. The Market Consequences of Cybersecurity - Defining Externalities and Ways to Address Them
Three major categories of externalities | Distributional and efficiency effects | Survey results on the costs of malware | Key findings

Part III. Malware: What Can Be Done?

Chapter 7. The Role of End Users, Business and Government
Key participants | Incentives and disincentives | The impact on society at large

Chapter 8. What Is Already Being Done?
Summary of key efforts | Instruments, structures and initiatives that address malware

Chapter 9. Possible Next Steps
A global partnership against malware | Areas for improvement and further exploration | Conclusion

Annex A. Background Data on Malware

Annex B. Research Design for Economics of Malware

Annex C. A Framework for Studying the Economics of Malware

Glossary of Malware Terms

Bibliography


How to obtain this publication

Readers can access the full version of this book choosing from the following options:

 

Related Documents

 

Proactive Policy Measures by Internet Service Providers against Botnets (OECD Digital Economy Paper, 2012)

The Role of Internet Service Providers in Botnet Mitigation: An Empirical Analysis Based on Spam Data (OECD Science, Technology and Industry Working Papers, 2010)

Economics of Malware: Security Decisions, Incentives and Externalities (OECD Science, Technology and Industry Working Papers, 2008)

APEC-OECD Malware Workshop (2007)

Online Identity Theft (2009)

OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

What is the OECD Working Party on Information Security and Privacy (WPISP)?

 

Countries list

  • Afghanistan
  • Albania
  • Algeria
  • Andorra
  • Angola
  • Anguilla
  • Antigua and Barbuda
  • Argentina
  • Armenia
  • Aruba
  • Australia
  • Austria
  • Azerbaijan
  • Bahamas
  • Bahrain
  • Bangladesh
  • Barbados
  • Belarus
  • Belgium
  • Belize
  • Benin
  • Bermuda
  • Bhutan
  • Bolivia
  • Bosnia and Herzegovina
  • Botswana
  • Brazil
  • Brunei Darussalam
  • Bulgaria
  • Burkina Faso
  • Burundi
  • Cambodia
  • Cameroon
  • Canada
  • Cape Verde
  • Cayman Islands
  • Central African Republic
  • Chad
  • Chile
  • China (People’s Republic of)
  • Chinese Taipei
  • Colombia
  • Comoros
  • Congo
  • Cook Islands
  • Costa Rica
  • Croatia
  • Cuba
  • Cyprus
  • Czech Republic
  • Côte d'Ivoire
  • Democratic People's Republic of Korea
  • Democratic Republic of the Congo
  • Denmark
  • Djibouti
  • Dominica
  • Dominican Republic
  • Ecuador
  • Egypt
  • El Salvador
  • Equatorial Guinea
  • Eritrea
  • Estonia
  • Ethiopia
  • European Union
  • Faeroe Islands
  • Fiji
  • Finland
  • Former Yugoslav Republic of Macedonia (FYROM)
  • France
  • French Guiana
  • Gabon
  • Gambia
  • Georgia
  • Germany
  • Ghana
  • Gibraltar
  • Greece
  • Greenland
  • Grenada
  • Guatemala
  • Guernsey
  • Guinea
  • Guinea-Bissau
  • Guyana
  • Haiti
  • Honduras
  • Hong Kong, China
  • Hungary
  • Iceland
  • India
  • Indonesia
  • Iraq
  • Ireland
  • Islamic Republic of Iran
  • Isle of Man
  • Israel
  • Italy
  • Jamaica
  • Japan
  • Jersey
  • Jordan
  • Kazakhstan
  • Kenya
  • Kiribati
  • Korea
  • Kuwait
  • Kyrgyzstan
  • Lao People's Democratic Republic
  • Latvia
  • Lebanon
  • Lesotho
  • Liberia
  • Libya
  • Liechtenstein
  • Lithuania
  • Luxembourg
  • Macao (China)
  • Madagascar
  • Malawi
  • Malaysia
  • Maldives
  • Mali
  • Malta
  • Marshall Islands
  • Mauritania
  • Mauritius
  • Mayotte
  • Mexico
  • Micronesia (Federated States of)
  • Moldova
  • Monaco
  • Mongolia
  • Montenegro
  • Montserrat
  • Morocco
  • Mozambique
  • Myanmar
  • Namibia
  • Nauru
  • Nepal
  • Netherlands
  • Netherlands Antilles
  • New Zealand
  • Nicaragua
  • Niger
  • Nigeria
  • Niue
  • Norway
  • Oman
  • Pakistan
  • Palau
  • Palestinian Administered Areas
  • Panama
  • Papua New Guinea
  • Paraguay
  • Peru
  • Philippines
  • Poland
  • Portugal
  • Puerto Rico
  • Qatar
  • Romania
  • Russian Federation
  • Rwanda
  • Saint Helena
  • Saint Kitts and Nevis
  • Saint Lucia
  • Saint Vincent and the Grenadines
  • Samoa
  • San Marino
  • Sao Tome and Principe
  • Saudi Arabia
  • Senegal
  • Serbia
  • Serbia and Montenegro (pre-June 2006)
  • Seychelles
  • Sierra Leone
  • Singapore
  • Slovak Republic
  • Slovenia
  • Solomon Islands
  • Somalia
  • South Africa
  • South Sudan
  • Spain
  • Sri Lanka
  • Sudan
  • Suriname
  • Swaziland
  • Sweden
  • Switzerland
  • Syrian Arab Republic
  • Tajikistan
  • Tanzania
  • Thailand
  • Timor-Leste
  • Togo
  • Tokelau
  • Tonga
  • Trinidad and Tobago
  • Tunisia
  • Turkey
  • Turkmenistan
  • Turks and Caicos Islands
  • Tuvalu
  • Uganda
  • Ukraine
  • United Arab Emirates
  • United Kingdom
  • United States
  • United States Virgin Islands
  • Uruguay
  • Uzbekistan
  • Vanuatu
  • Venezuela
  • Vietnam
  • Virgin Islands (UK)
  • Wallis and Futuna Islands
  • Western Sahara
  • Yemen
  • Zambia
  • Zimbabwe
  • Topics list