Malware attacks are increasing in both frequency and sophistication, thus posing a serious threat to the Internet economy and to national security. Concurrently, efforts to fight malware are not up to the task of addressing this growing global threat; malware response and mitigation efforts are essentially fragmented, local and mainly reactive.
A wide range of communities and actors – from policy makers to Internet Service Providers to end users – all play a role in combating malware. But there is still limited knowledge, understanding, organisation and delineation of the roles and responsibilities of each of these actors. Improvements can be made in many areas, and international co-operation would benefit greatly in areas such as: proactive prevention (education, guidelines and standards, research and development); improved legal frameworks; stronger law enforcement; improved tech industry practices; and better alignment of economic incentives with societal benefits.
This book is a first step toward addressing the threat of malware in a comprehensive, global manner. It has three major aims:
It was developed by the OECD in partnership with the Asia Pacific Economic Co-operation Telecommunication and Information Working Group (APEC TEL).
Part I. The Scope of Malware
Chapter 1. An Overview of Malware
What is malware? | How does malware work? | Malware on mobile devices | The malware Internet: botnets | What are botnets used for? | Botnets command and control (C&C) models | Botnet figures | Botnets and broadband | Spam and botnets | The role of blacklists in combating botnets
Chapter 2. Malware Attacks: Why, When and How?
Types of malware attacks | Indirect attacks on the DNS | Attacks that modify data | Attacks on identity | Attacks on single and multi-factor authentication | Attacks on digital certificates and secure socket layer (SSL) | Why attacks are perpertrated | Malware attack trends | Origin of malware attacks | The malicious actors | The malware business model
Chapter 3. Malware: Why Should We Be Concerned?
Malware-enabling factors | The costs of malware | Challenges to fighting malware
Part II. The Economics of Malware
Chapter 4. Cybersecurity and Economic Incentives
Increased focus on incentive structures | The economic perspective
Chapter 5. Survey of Market Participants: What Drives Their Security Decisions?
Internet service providers (ISPs) | E-commerce companies | Software vendors | Domain registrars | End users | Annex: List of interviewees
Chapter 6. The Market Consequences of Cybersecurity - Defining Externalities and Ways to Address Them
Three major categories of externalities | Distributional and efficiency effects | Survey results on the costs of malware | Key findings
Part III. Malware: What Can Be Done?
Chapter 7. The Role of End Users, Business and Government
Key participants | Incentives and disincentives | The impact on society at large
Chapter 8. What Is Already Being Done?
Summary of key efforts | Instruments, structures and initiatives that address malware
Chapter 9. Possible Next Steps
A global partnership against malware | Areas for improvement and further exploration | Conclusion
Annex A. Background Data on Malware
Annex B. Research Design for Economics of Malware
Annex C. A Framework for Studying the Economics of Malware
Glossary of Malware Terms
Readers can access the full version of this book choosing from the following options: