An OECD study into online crime says that increased activity by cyber criminals has left an estimated one-in-four US computers infected with malware.
The report, entitled Malicious Software (malware): a Security Threat to the Internet Economy, gives an impression of two worlds engaged in an uneven war of virus invasion and belated defence.
Cyber crime, to steal data, spy and attack government and business computer systems "is a potentially serious threat to the internet economy," the study, published on Friday, warns.
Organisations involved in "fighting malware offer essentially a fragmented local response to a global threat," the Organisation for Economic Cooperation and Development says.
"Over the last 20 years, malware has evolved from occasional 'exploits' to a global multi-million-dollar criminal industry ... Cyber criminals are becoming wealthier and therefore have more financial power to create larger engines of destruction."
"It is estimated that 59 million users in the US have spyware or other types of malware on their computers," the OECD report said.
According to Nielsen/Netratings, the US internet population stood at an estimated 216 million at the end of 2007.
In the last five years there has been a upsurge in such criminal activity to attack systems and steal information, money and identities.
Using agents with names ranging from "zombies" and "worms" to "botnets," "Trojan horses" or "money mules," criminals can wreak havoc, usurping identities, recruiting and organising cohorts of computers for coordinated attacks, and even steal data for ransom.
"A botnet is a group of malware-infected computers also called 'zombies' or bots that can be used remotely to carry out attacks against other computer systems," the OECD said.
The report implied that some governments might also use similar techniques, saying: "It can also be assumed that nation states have the same capabilities."
The OECD warns that all forms of hacking have gone far beyond the adolescent disruption of the early days of the personal computer, to become a powerful and growing weapon in the hands of serious criminals.
It is highly profitable, at minimal cost to the criminals but a huge and unknown cost to honest users.
"There is no simple conclusion to the complex problems presented by malware," the report concludes.
"Malware has the potential to adversely affect any and all Internet users, from enterprises to governments to end users."
The rapid onward march of malware "makes international co-operation essential to addressing the problem," it said.
The first malicious virus, called "brain," emerged in 1986 and in 1988 a "worm" called "Morris" ate into more than 6000 computers. The development of electronic mail in the 1990s generated worm epidemics under such names as "Melissa" or "MyDoom."
Some studies estimate that about 80 per cent of web-based malware was hosted on "innocent but compromised" websites and one report found 53.9 per cent of all malicious sites were hosted in China, followed by the United States with 27.2 percent.
"In June 2006, a Trojan horse attacked files in Microsoft Windows users' 'my documents.' The files were then encrypted so users could not access them withut paying a ranson," the OECD report noted.
Kits to mount cyber attacks can even be downloaded easily from the internet and some even come with "service" contracts requiring the buyer to make new versions for the seller. This could cost as little as $US800 .
Addresses harvested through the Internet can be used to control a botnet and can be bought for about $US100 for 10 million addresses.
An association of British banks estimated malware losses at £12.2 million in 2004 but £33.5 million in 2006.
One defensive action every computer user can take is to install a firewall and anti-virus software to keep subversive agents out, and to react quickly when invasion is suspected, the report advises.
However, a study by the Australian government in 2005 found that only one in seven Australian computers was protected by a firewall.
AFP and agencies
http://www.smh.com.au/news/security...ed-with-malware/2008/06/02/1212258708582.html
) of the user experience.
