This report set out to empirically answer the following questions:
- First, to what extent are ISPs critical control points for botnet mitigation?
- Second, to what extent do they perform differently relative to each other, in terms of the number of infected machines in their networks?
- Third, to what extent can we explain the differences in performance from the characteristics of the ISPs or the environment in which they are located?

The findings lend direct and indirect support to the view that ISPs are important potential control points. The 200 ISPs that hold the lion's share of the access markets in a wider OECD area – the 33 members, plus two "accession candidates" (Estonia and the Russian Federation) and the five "enhanced-engagement" countries (Brazil, China, India, Indonesia and South Africa) – harbor over 60% of all infected machines worldwide registered by the spam trap.

Furthermore, the data indicates that infected machines display a highly concentrated pattern. The networks of just 50 ISPs account for around half of all infected machines worldwide. This is remarkable, in light of the tens of thousands of entities that can be attributed to the class of ISPs. The bulk of the infected machines are not located in the networks of obscure or rogue ISPs, but in those of established, well-known ISPs.