Computer Viruses and Other Malicious Software

Computer Viruses and Other Malicious Software

A Threat to the Internet Economy You do not have access to this content

Authors:
OECD
Publication Date :
24 Feb 2009
Pages :
246
ISBN :
9789264056510 (PDF) ; 9789264056503 (print)
DOI :
10.1787/9789264056510-en

Hide / Show Abstract

Malware attacks are increasing both in frequency and sophistication, thus posing a serious threat to the Internet economy and to national security. This book is a first step toward addressing the threat of malware in a comprehensive, global manner. It informs readers about malware -- its growth, evolution and countermeasures to combat it;  presents new research into the economic incentives driving cyber-security decisions; and  makes specific suggestions on how the international community can better work together to address the problem.

Related links placeholder

Expand / Collapse Hide / Show all Abstracts Table of Contents

  • Mark
  • Executive Summary - Background
    Spurred by the prevalence of always-on, high-speed connections, the Internet has become a powerful tool for enhancing innovation and productivity. The increasing dependence on the Internet and other communication networks, however, means the Internet has also become a popular and efficient way to distribute computer viruses and other types of malicious software.
  • An Overview of Malware

    Malware is a general term for a piece of software inserted into an information system to cause harm to that system or other systems, or to subvert them for use other than that intended by their owners.

    Malware can gain remote access to an information system, record and send data from that system to a third party without the user’s permission or knowledge, conceal that the information system has been compromised, disable security measures, damage the information system, or otherwise affect the data and system integrity.

  • Malware Attacks: Why, When and How?
    The numerous types of malware can be used separately or in combination to subvert the confidentiality, integrity and availability of information systems and networks. Likewise, a range of different attacks can be conducted to reach different goals, such as denying access to critical information systems, conducting espionage, extorting money (e.g. ransom), or stealing information (e.g. ID theft). Malware can also be used to compromise authenticity and non-repudiation, or conduct attacks on the Domain Name System (DNS).
  • Malware: Why Should We Be Concerned?
    The growth of malware, and the increasingly inventive ways in which it is being used to steal personal data, conduct espionage, harm government and business operations, or deny user access to information and services, is a potentially serious threat to the Internet economy, to the ability to further egovernment for citizen services, to individual’s online social activities, and to national security.
  • Cybersecurity and Economic Incentives
    The past five years have witnessed the emergence of comprehensive efforts to improve the security of information systems and networks. A recent survey by the OECD (2005a) demonstrates that governments have developed national policy frameworks, as well as partnerships with the private sector and civil society, to combat cybercrime. Measures include Computer Security Incident Response Teams (CSIRTs), raising awareness, information sharing and education.
  • Survey of Market Participants
    Participants in the Internet ecosystem are confronted with malware in different ways; their responses are motivated by the specific incentives under which they operate. To better understand these incentives and their effects, a qualitative field research project was designed. In the course of 2007, the research team conducted 41 interviews with 57 respondents from a broad cross-section of organisations. (For more information on the research design and the interviewees, please see the list at the end of this chapter and Annex B.)
  • The Market Consequences of Cybersecurity
    The preceding chapter reported on the efforts and incentives of a variety of Internet market participants. It indicated a number of market-based incentive mechanisms that contribute to enhanced security but also other instances in which decentralised actions may lead to sub-optimal outcomes. A pressing question is: Are participants in the information and communication markets responding adequately to malware, or are improvements possible? Pointing to a variety of reports that show increases in malicious attack trends, one might conclude that markets are not responding adequately. Our analysis revealed a more nuanced picture.
  • The Role of End Users, Business and Government
    Malware affects individuals, business and government in different ways. All those participants can play a role in preventing, detecting, and responding to malware with varying levels of competence, resource, roles and responsibilities, as called for in the OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security (the "OECD Security Guidelines"). Better understanding the roles and responsibilities of the various participants in relation to malware is important to assessing how to enhance the fight against malware.
  • What Is Already Being Done?
    Better understanding of the nature, successes and limitations of ongoing action by communities more specifically involved in fighting malware is also important to assessing how to enhance prevention of, and response to, malware.
  • Possible Next Steps
    This book has only begun to lay the foundation for understanding the malware phenomenon and how it is evolving. Further work in many areas could and should be done to reach a better understanding. Fighting malware is complex and would benefit from more comprehensive measurement, coordination and policy solutions. While many ongoing initiatives are contributing important resources to combating malware, there remain a number of areas for improvement.
  • Annexes
  • Bibliography
  • Add to Marked List