Just 50 ISPs account for around half of all botnet-infected machines worldwide, and greater collaboration is needed between governments and service providers to reduce infection rates, according to the latest research from the Organisation for Economic Co-operation and Development (OECD).
The OECD's wide-ranging paper, entitled The role of internet service providers in botnet mitigation, was compiled by studying 170 million IP addresses known to have been sending spam between 2005 and 2009.
"Our findings lend direct and indirect support to the view that ISPs are important potential control points," the report noted.
"The 200 ISPs that hold the lion's share of the access markets in a wider OECD area harbour over 60 per cent of all infected machines worldwide registered by the spam trap."
The report found that all legitimate ISPs harbour a share of infected machines, but vary widely in how effective they are at dealing with spam.
Crucially, government-backed efforts seem to reduce infection rates among ISPs, the research found.
"Some countries are known for their efforts in which governments and ISPs collaborate in the area of cyber security, most notably Japan and Finland," the report continued.
"In our data, Japan and Finland consistently show up among the countries with the lowest infection rates."
The report will be food for thought for law enforcers and security researchers who have hitherto concentrated their efforts mainly on rogue ISPs.
"Any success that might be achieved against rogue ISPs does little to clean up the actual infected machines," the report concluded.
"When a botnet is 'beheaded' by taking down the command and control servers, it leaves in place all of the infected machines. The owner of the botnet may succeed in setting up new servers somewhere else."
Clodagh Murphy, director of business ISP Eclipse Internet, agreed that more co-operation is needed between ISPs and government in order to develop "the appropriate framework to secure themselves against cyber attacks".
"For too long now, the attitude toward security has been one of naivety. Often, being a secondary item on the list for many ISPs," she added.
“These days, there is a need to have more ISP participation on the future planning of the next generation infrastructure required to address the changes that will affect internet security in years to come."
'We are making good progress on 10nm,' claims Intel
Engineer calculates that Chengdu's plan to replace streetlights with artificial moonlight would cost $100bn
Research could also apply to other 'space weather' events involving hot, fast-moving plasma
Dark matter holds the Universe together - and gravitational waves could help identify it