More than one million households in the UK are believed to be harbouring criminals inside their family PC.
A large-scale global study suggests 5-10% of all domestic computers are regularly linked to criminal networks called botnets.
The figures suggest that about 6% of the UK's 19 million net-using households are enrolled in botnets.
Hijacked PCs could be sending spam, attacking websites or surrendering bank details to criminals.Trapping spam
The data on the botnet infestations was gathered by a team of Dutch researchers looking into ways to limit the spread of these criminal tools.
"We are talking really big numbers here," said Prof Michel van Eeten, from the Delft University of Technology who headed the team which gathered the survey data.
Topping the list of infection rates were Greece and Israel where about 20% of all broadband subscribers are thought to be regularly recruited into a botnet.
The data was gathered from several different sources. The bulk of it came from spam traps - fake email addresses set up solely to receive junk mail.
Dave Rand of Trend Micro has run spam traps for decades and has a database of billions of spams revealing the origins of junk messages. The majority of spam, more than 90%, is sent through botnets whose internet addresses are a good guide to where the drone machines are located.
The Dutch researchers took the spam-sending IP addresses and then traced each one to an ISP. To this it added data about the Conficker botnet, one of the biggest, as well as incident reports from computer security company DShield which showed other criminal net activity likely to have originated on botnets.
Prof van Eeten said there was little duplication between the three data sets which suggested that true infection rates are even higher. Together, the sources gave a good overview of the scale of the botnet problem.
The information has been shared with many agencies tackling cyber-crime and ISPs. They have been surprised by how pervasive botnets have become.
"The ISPs were quite shocked when they saw the discrepancy between what we saw and what they saw," he told the BBC. The discrepancy arose, he said, because net firms did not seek out the available data on infections in their networks.
Another complication was that botnet herders did not use all the machines under their control at once. Instead, he said, they used a subset of the thousands or millions they controlled for each task they were paid to carry out. Only by conducting a long-term study would it possible to get a sense of the real numbers.
Source: BBC Tech News