Half of all botnets hosted in just 50 servers

Researchers tracked the origin of 109 billion spam email - as most spam is sent from infected machines

Fifty internet service providers are home to half of all botnets, according to new research published by the Organisation for Economic Cooperation and Development (OECD).

Researchers at the University of Michigan and the Delft University of Technology in the Netherlands tracked the origin of 109 billion spam email messages, reasoning that most spam is sent from infected machines.

That analysis showed that almost half of all messages came from machines connected to just 50 ISPs. "The bulk of the infected machines are not located in the networks of obscure or rogue ISPs, but in those of established, well-known ISPs," stated the OECD report.

The figures highlight the pervasive extent of the botnet threat, rather than point to any failings of the ISPs, said Tony Lock, an analyst with Freeform Dynamics. "There are a lot of PC users out there that don't protect their systems. So big ISPs with lots of customers will probably have a lot of infected machines on their networks."

But while ISPs may be capable of cutting off botnet traffic running over their networks, it would require a level of data scanning that current privacy laws prohibit, he said.

"The only real way to tackle the problem is through more user education," Lock added.