The shutdown of hosting company McColo last week crippled more than 500,000 bots, which are no longer able to receive commands from criminals, according to a security researcher.
Although the infected PCs are still operational, the previously-planted malware that tells them what to do cannot receive instructions because of the shutdown of McColo.
"Half a million bots are either offline or not communicating" with their command-and-control servers, estimated Joe Stewart, director of malware research at SecureWorks.
The California firm was disconnected from the Internet by its upstream service providers at the urging of researchers who believed the company's servers hosted a staggering amount of cybercriminal activity, including the command-and-control servers of some of the planet's biggest botnets. Those collections of infected PCs were responsible for as much as 75 percent of the spam sent worldwide; when McColo went dark, spam volumes dropped by more than 40% in a matter of hours.
The McColo takedown severed a record number of bots from their hacker controllers for any single event, Stewart said. He compared it to last September, when Microsoft's anti-malware utility, the Malicious Software Removal Tool (MSRT), purged nearly 300,000 infected PCs of the infamous Storm Trojan.
"That had a good impact, but it didn't stop the flow of spam globally," Stewart said of the MSRT takedown. "It didn't make a difference to other botnets that were still spamming away."
Knocking McColo offline, on the other hand, disrupted at least two major botnets - "Rustock" and "Srizbi" - said Stewart, and caused spam to plummet around the globe.
Stewart, a leading authority on botnets, estimated the strength of the top 11 botnets last April. Srizbi, at 315,000 bots, was No. 1 in his census, while Rustock, at 150,000, was in the No. 3 spot.