A Dutch study has suggested that ISPs may need government help to clean up the botnet epidemic.
The Dutch researchers used a ‘spam trap’ to record the IP address origins of over 109 billion spam messages. Since 80-90% of spam comes from botnet infected machine, this provided a good indication of the location of ‘zombie’ computers.
The results were startling: a mere 50 ISPs were found to account for half of worldwide botnet infections.
“This is remarkable, in light of the tens of thousands of entities that can be attributed to the class of ISPs. The bulk of the infected machines are not located in the networks of obscure or rogue ISPs, but in those of established, well-known ISPs,” said the report.
In an interview with the BBC, Professor Van Eeten identified two main obstacles to purging the epidemic. Firstly, ISPs lack crucial information the whereabouts of infected machines. Secondly, while ISPs can quarantine infected computers, they find it extremely costly to help customers disinfect their machines.
The Professor suggested that governments could help by providing publicly funded helplines for owners of infected machines. South Korea and Germany have adopted this strategy, with some success. Such a ‘vaccination scheme’ could reduce the costs which currently prevent ISPs from dealing with the problem.