Botnet PCs stay infected for years

A hardcore of PCs controlled by botnets stay that way for years, an analysis from security vendor Trend Micro has found.

According to an unpublished research note, the average length of time a PC stays part of a botnet, or is re-infected by it or another bot, varies from country to country, with China not surprisingly leading the way in absolute numbers of infections.

But Trend's figures culled from 100 million compromised IP addresses suggests that eighty percent remain compromised for more than a month, with the global median time for infection being over 300 days.

The majority of botnet-infected PCs, 75 percent, belong to consumers, but a surprising quarter of the IPs were associated with business domains. Trend Micro assumes that this equates to a much higher level of business botnet infection as a business IP address will usually hide a larger number of possibly infected machines.

The three biggest botnets are associated with the Facebook-targeting Koobface, Zeus/Zbot and the long-established Ilomo/Clampi, the company says, representing possibly 100 million compromised machines.

"This means that cybercriminals have more computing power at their disposal than the entire world's supercomputers combined. Small wonder that more than 90 percent of all email worldwide is now spam," the Trend researchers says.

It is not a new insight by any means, but the analysis nevertheless detects a surprisingly large group of PCs that appear to stay compromised indefinitely, undermining efforts to fight the botnet phenomenon.

Every country measured by Trend showed this spike (including the UK) and the numbers are significant, from tens of thousands to hundreds of thousands of PCs that exist as loyal botnet zombies for years at a time. The numbers of old zombies far outnumbers the numbers of new zombies - those which have been infected for between one and three days - by some distance.