Security experts have known for months that some countries have had a harder time battling the Conficker worm than others. But thanks to data from Shadowserver, a volunteer-run organisation, they now have a better idea of which Internet Service Providers have the biggest problem.
In terms of the total number of infected computers, China Telecom's Chinanet seems to have been hardest hit by the worm, which began spreading late last year.
The Chinese ISP had more than 1 million infected systems within its massive 94 million IP address network. That amounts to just over 1 percent of the company's network. But while Chinanet has the most total infections - amounting to about 14 percent of all known copies of the worm - it doesn't have the highest percentage of infected systems. Other, smaller ISPs show up on Shadowserver's list with infection rates as high as 25 percent.
"There's definitely a challenge at the ISP level with remediation," said Andre DiMino one of Shadowserver's founders.
Conficker got a lot of attention earlier in the year, particularly around an expected attack around 1 April, an attack that never materialised. Because Conficker is the most widespread botnet ever reported, security experts worry that it could be used to launch an unprecedented denial of service attack.
But, despite its size, the network of hacked computers has been associated with very little malicious activity. That's given computer users a false sense of security, DiMino said.
"The rate of remediation is not as good as we would have liked," he said. "The awareness and the alarm about Conficker kind of faded out after April 1st because nothing really dramatic happened."
Some ISPs, such as US-based Comcast have taken to notifying users when their computers are infected or offering them free security software so they can get cleaned up. Comcast had a 0.05 percent infection rate, according to Shadowserver's numbers. AT&T was measured at 0.02 percent.
The top two ISPs on Shadowserver's list, China Telecom and China Unicom (with 472,892 infected IPs) did not have any immediate official comment on the Conficker infections, but customer support reps for both companies said that helping customers with virus problems is outside of the scope of their service.