Infected PCs that have been controlled by botnets are likely to stay that way for many years, says Trend Micro.
According to the security firm, the average length of time a PC stays part of a botnet, or is re-infected by it or another bot, varies from country to country, with China not surprisingly leading the way in absolute numbers of infections.
But Trend's figures culled from 100 million compromised IP addresses suggests that 80 percent remain compromised for more than a month, with the global median time for infection being over 300 days.
The majority of botnet-infected PCs, 75 percent, belong to consumers, but a surprising quarter of the IPs were associated with business domains.
Trend Micro assumes that this equates to a much higher level of business botnet infection as a business IP address will usually hide a larger number of possibly infected machines.
The three biggest botnets are associated with the Facebook-targeting Koobface, Zeus/Zbot and the long-established Ilomo/Clampi, the company says, representing possibly 100 million compromised machines.
"This means that cybercriminals have more computing power at their disposal than the entire world's supercomputers combined. Small wonder that more than 90 percent of all email worldwide is now spam," the Trend researchers says.
It is not a new insight by any means, but the analysis nevertheless detects a surprisingly large group of PCs that appear to stay compromised indefinitely, undermining efforts to fight the botnet phenomenon.
Every country measured by Trend showed this spike (including the UK) and the numbers are significant, from tens of thousands to hundreds of thousands of PCs that exist as loyal botnet zombies for years at a time.
The numbers of old zombies far outnumbers the numbers of new zombies - those which have been infected for between one and three days - by some distance.
See also: Is your PC botnet infested?