Call for mass vaccination to defeat spam botnets

Governments across Europe should carry out mass vaccination of computers to stamp out the networks of hijacked PCs used by cybercriminals to send spam, a new study reports.

Between 80 and 90 per cent of all spam is sent by these so-called 'zombie' computers - and more than half of it originates from the networks of just 50 Internet service providers, many of them large, legitimate providers.

Researchers from Delft University of Technology in the Netherlands used the unique IP addresses of machines known to send spam in an effort to hunt down infected machines.

The research, which was backed by the OECD, investigated 170 million unique IP addresses that between them sent 109 billion junk email messages to a 'spam trap' during the period between 2005 and 2009.

They found that between five and 10 per cent of all PCs with broadband connections in Europe had been hijacked and were being controlled by criminal botnets.

Professor Michel Van Eeten, who led the research at Delft, told the BBC that such was the scale of the problem, ISPs would not be able to tackle it on their own.

Van Eeten pointed to initiatives in Australia and Germany that could show the way forward.

Australian authorities tackled the issue determining how many PCs were affected, and where, by pooling data and sharing it with all of the nation's ISPs.

German authorities have helped to reduce the financial burden on ISPs of cleaning up botnets by creating call centres to which ISPs can refer infected customers that are temporarily public-funded.

Likening botnet infections to the human health epidemics of the Victorian era that prompted the advent of mass vaccination, Van Eeten emphasised the role of states in holding back their spread.

"Governments can be very helpful," he said.