How Many Bot-Infected Machines on the Internet?

This Monday, I was surprised after I read news reports of Vinton Cerf’s participation in the “Who Will Run the Internet?” panel at the World Economic Forum in Davos, Switzerland.

As reported on BBC.news, up to a quarter of the computers on the net may be used by cybercriminals in so-called botnets. They add Mr. Vinton Cerf said : “of the 600 million computers currently on the internet, between 100 and 150 million were already part of these botnets”.

For ZDNET, the Internet guru predicted and is quoted as saying that “a quarter of all PCs currently connected to the internet ”” around 150 million ”” could be infected by Trojans which covertly seize control of a computer and its broadband connection, handing control of both to remote criminals”.

These figures are phenomenal and somewhat conflicted:

• In January 2005, I discussed less than 10 million infected machines.
• In January 2006, professor Merrick Furst from the Georgia Tech’s College of Computing explained he was pretty sure at least 7 percent of the Internet was infected. For him typical numbers of conscripted machines ranged from around 75 million to 100 million.
• Now, in January 2007, the new figures seems to be between 100 and 150 million.

I do not deny these latest figures, but I question whether they correspond to 25% of PCs currently connected to the Internet.

Visiting the World Economic Forum blog, I found an entry posted after the panel ended. It is explained that “botnets (infected PCs under the control of bad guys) represent over 10% of the PCs connected to the Internet.”

I agree more with this percentage, although it is no less worrying!