China has taken over as the world's most botnet-infested country, as the sophistication and danger of cyber-attackers continues to grow, according to Symantec.

Botnets are currently one of the most serious threats to internet users, responsible for generating most of the internet's spam, phishing emails and denial-of-service attacks.

In its semi-annual Internet Security Threat Report, Symantec found that even as the number of zombie PCs increased by 29 percent to 6 million in the second half of 2006, the number of control servers decreased by one-quarter, as botnet owners consolidated their networks and increased the size of their existing networks.

Forty percent of those control servers are based in the US, which originated the most malicious activity of any country at 31 percent, Symantec said. It was followed by China with 10 percent and Germany with 7 percent.

But China is the country where most of the physical machines making up the botnets are now located, with 26 percent of all zombie PCs. That honour was previously held by the US, and, up to the first half of 2005, by the UK.

Symantec believes botnet infections grow rapidly in countries that are experiencing a sudden increase in the number of broadband connections.

Beijing is now the city with the most zombie PCs, with 5 percent of the world's total. In the EMEA region, France and Germany now have the biggest share of zombie PCs, with the UK's proportion falling from 22 percent to 11 percent. Madrid is the most bot-infested city in EMEA, with 6 percent of the regional total; it's followed by London and Paris.

Symantec counted an average of 21,707 new active zombies per day in EMEA during the period measured. More than 2.3 million zombies were active at any time in EMEA, sharply up from the 1 million per day average of the previous six months.

The company found that, as predicted, attackers are shifting away from mass-mailing worms toward using Trojans, with Trojans constituting 45 percent of the top 50 malicious code samples, up 23 percent from the previous six months.

Symantec noted 12 zero-day (unpatched) bugs during the second half of 2006, up from only one the previous half.