< Storm Worm Dead? | Mail Problems >

OECD Report on Malware

A few days ago, the OECD published a report entitled "Malicious Software (Malware): A Security Threat to the Internet Economy". It provides a high-level overview of current threats in the area of malware and is a nice read.

Excerpt: "This report, developed in collaboration with experts, aims to inform policy makers about malware impacts, growth and evolution, and countermeasures to combat malware. It seeks to analyse some of the main issues associated with malware and to explore how the international community can better work together to address the problem. Highlights include the following:
  • Spam has evolved from a nuisance to a vehicle for fraud to a vector for distributing malware. Malware, in the form of botnets, has become a critical part of a self sustaining cyber attack system. The use of malware has become more sophisticated and targeted. Many attacks are smaller and attempt to stay "below the radar" of the security and law enforcement communities.

  • The effectiveness of current security technologies and other protections in detecting and containing malware is challenged by the shrinking of the time between the discovery of vulnerabilities in software products and their exploitation.

  • [...]

  • Current response and mitigation are mainly reactive. There is a need for more structured and strategic co-ordination at national and international levels with involvement of all actors to more adequately assess and mitigate the risk of malware.

  • No single entity has a global understanding of the scope, trends, development and consequences of malware and thus the overall malware problem is difficult to quantify. Data on malware are not consistent and terminology for cataloguing and measuring the occurrence of malware is not harmonised.

  • Although its economic and social impacts may be hard to quantify, malware used directly or indirectly can harm critical information infrastructures, result in financial losses, and plays a role in the erosion of trust and confidence in the Internet economy."

A similar report was published a few months ago by ENISA: "Security Economics and The Internal Market" (Authors: R. Anderson, R. Böhme, R. Clayton, and T. Moore) - definitely worth reading!
This entry was posted by Thorsten Holz on Wednesday, June 4. 2008 at 01:17. and is filed under paper. You can leave a response, or trackback from your own blog. All new comments are subject to moderation before being displayed.

Trackbacks

Trackback specific URI for this entry

    No Trackbacks

Comments

Display comments as (Linear | Threaded)

    No comments


Add Comment


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
Submitted comments will be subject to moderation before being displayed.