Digital economy

Malware and botnets


Return to > Information security and privacy  > OECD work on digital security

Short address for this page:


Botnets – networks of machines infected with malicious software – are widely regarded as a critical security threat. Measures that directly address the end users who own the infected machines are useful, but have proven insufficient to reduce the overall problem. Recent studies have shifted attention to Internet Service Providers (ISPs), the providers of Internet access to end users, as possible control points for botnet activity.

The OECD analysed two aspects of anti-botnet policies and explored, in 2007-2008, the policy implications of malware.


The networks of just 50 ISPs account for around half of all botnet-infected machines worldwide.

The role of ISPs in Botnet Mitigation


Proactive Policy Measures by Internet Service Providers against Botnets (2012)

This report analyses proactive initiatives to mitigate botnets in Australia, Germany, Ireland, Japan, Korea, the Netherlands, the United Kingdom and the United States through which end-users are notified by ISPs when their computer is identified as being compromised by malicious software and encouraged to take action to mitigate the problem. The purpose of the report is to review the core dimensions of these programmes in order to identify the main challenges and provide high-level guidance on future policy development.

Download the full report


The Role of Internet Service Providers (ISP) in Botnet Mitigation. An Empirical Analysis Based on Spam Data (2010)

This empirical study analyses 170 million unique IP addresses that delivered 109 billion spam messages from to a spam trap between 2005 and 2009 to understand to what extent ISPs are critical control points for botnet mitigation, how they perform relative to each other and whether the differences in performance can be explained by the characteristics of the ISPs or the environment in which they are located. According to this study, the 200 ISPs that hold the lion’s share of the access markets harbor over 60 % of all infected machines worldwide registered by the spam trap. Furthermore, the networks of just 50 ISPs account for around half of all infected machines worldwide. This study was carried out for the OECD by a team from the Delft University of Technology, Netherlands and  Michigan State University, United States.

Download the full report


Computer Viruses and Other Malicious Software: A Threat to the Internet Economy

In 2007-2008, the OECD analysed policy issues raised by the problem of malicious software (“malware”). This work was carried out jointly with APEC TEL, and resulted in a book that represented a first step toward addressing the threat of malware in a comprehensive, global manner.

Read More


Related Documents