
MIT Technology Review



Convincing Internet service providers to pinpoint infected computers on their networks could eliminate the lion’s share of zombie computers responsible for churning out spam and initiating other online threats, according to a new analysis.

The researchers analyzed more than 63 billion unsolicited e-mail messages sent over a four-year period and found more than 138 million unique Internet addresses linked to sending out the spam. Typically such machines have been hijacked by hackers and corralled into a vast network of remote-controlled systems known as a “botnet.”

By correlating the Internet protocol addresses of these spam-sending machines with the networks maintained by Internet service providers, the researchers found that about two-thirds of them were located in the networks managed by the 200 largest ISPs from 40 countries. The top-50 networks responsible accounted for more than half of all compromised IP addresses. If these ISPs were to shut down, or block, the malicious machines on their networks, it could cut worldwide spam by half.

“Those 50 ISPs are not the [dubious] ones we hear about,” says Michel van Eeten, professor of public administration at the Delft University of Technology in the Netherlands and one of the authors of a paper on the research, which will be presented next month at the Workshop on the Economics of Information Security at Harvard University. “They are the ones we deal with every day, and so are more approachable and are in the reach of government.”

The research suggests that regulations designed to force ISPs to take action to curtail compromised systems would dramatically impact cybercriminals’ botnets.

Turkey’s national Internet service provider, Turk Telecom, recently blocked its users from sending mail through any but its own servers. As a result, nearly four million IP addresses showing signs of infection could no longer send spam, says David Rand, another member of the research team and chief technology officer of antivirus firm Trend Micro. Regulations that would prod other Internet service providers to take similar action could help clean up major networks, Rand says. “The goal here is to create some legislation that forces the ISPs to at least notify their customers,” he says.


Credit: Technology Review

Tagged: Computing, security, hackers, networking, Internet Security, botnet, ISP
