{"id":44908,"date":"2026-04-10T00:01:46","date_gmt":"2026-04-09T23:01:46","guid":{"rendered":"https:\/\/www.ispreview.co.uk\/?p=44908"},"modified":"2026-03-20T15:22:28","modified_gmt":"2026-03-20T15:22:28","slug":"the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps","status":"publish","type":"post","link":"https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html","title":{"rendered":"The Scourge of Malware Infected Customer Devices at Big UK Broadband ISPs"},"content":{"rendered":"<p>A quick look at the global Threat Map from internet security giant <a href=\"https:\/\/www.spamhaus.com\" target=\"_blank\" rel=\"noopener\">Spamhaus<\/a> can sometimes be quite illuminating. The map displays the activity of botnets around the world, fuelled by malware infected devices, and these days it&#8217;s not uncommon to see the likes of Sky (<a href=\"https:\/\/www.ispreview.co.uk\/index.php\/go\/bskyb\" rel=\"nofollow\" target=\"_blank\">Sky Broadband<\/a>), <a href=\"https:\/\/www.ispreview.co.uk\/index.php\/go\/vm\" rel=\"nofollow\" target=\"_blank\">Virgin Media<\/a> and <a href=\"https:\/\/www.ispreview.co.uk\/index.php\/go\/britishtelecom\" rel=\"nofollow\" target=\"_blank\">BT<\/a> popping up in the top ten table (i.e. ISPs with the most infected connections).<!--more--><\/p>\n<p>Before we get started it&#8217;s important to understand that a <strong>botnet<\/strong> is one big network of internet-connected devices (e.g. older smartphones, laptops, <a href=\"https:\/\/www.ispreview.co.uk\/index.php\/link\/wifi\">WiFi<\/a> cameras, android TV boxes, routers etc.) that have been infected and hijacked by malicious software (<strong>malware<\/strong>). Such networks are often remotely controlled by special command servers, which are themselves managed by an individual or small groups of attackers (&#8220;<em>bot herders<\/em>&#8220;).<\/p>\n<div class=\"bq2\"><strong>NOTE:<\/strong> Devices that have become part of a botnet won&#8217;t usually make it obvious, since it&#8217;s in the bot herders interests to fly under the radar without you noticing. The latter approach can make it easier for them to steal your personal data or to continue hijacking bandwidth from your network for nefarious purposes (DDoS, AI scraping for vulnerabilities, sending SPAM etc.).<\/div>\n<p>The <a href=\"https:\/\/www.spamhaus.com\/threat-map\/\" target=\"_blank\" rel=\"noopener\"><strong>Spamhaus Threat Map<\/strong><\/a> is essentially designed to help visualise detections of such activity across the world and displays a statistical table of the number of malware infected devices (we&#8217;ll call these &#8216;detections&#8217;). Spamhaus informed ISPreview that the data in their tables represents the number of IP (Internet Protocol) addresses hosted on each ISP&#8217;s network that show &#8220;<em>signs<\/em>&#8221; of being compromised.<\/p>\n<p>&#8220;<em>Devices using these IP addresses have been observed to be infected with malware, running trojans, being controlled by botnet C&amp;Cs or operating as abused (residential) proxies. These IPs are legitimate but have been hijacked through third-party exploits. Spamhaus automatically adds an IP to the Exploits Blocklists when there is compelling evidence that the associated device is insecure, compromised, or infected<\/em>,&#8221; said a Spamhaus spokesperson to ISPreview.<\/p>\n<p>At the time of starting to write this article, on 4th March 2026, <a href=\"https:\/\/www.ispreview.co.uk\/index.php\/go\/britishtelecom\" rel=\"nofollow\" target=\"_blank\">BT<\/a> had just dipped out of the top table (they only occasionally enter it), while <a href=\"https:\/\/www.ispreview.co.uk\/index.php\/go\/vm\" rel=\"nofollow\" target=\"_blank\">Virgin Media<\/a> held 6th place with a total of 53,016 detections and Sky (<a href=\"https:\/\/www.ispreview.co.uk\/index.php\/go\/bskyb\" rel=\"nofollow\" target=\"_blank\">Sky Broadband<\/a>, Sky TV etc.) sits in 10th position with 39,248 &#8211; as measured over the previous 24 hours. Both Sky and Virgin are often present in the list.<\/p>\n<p>The United Kingdom also sits in 5th position on the country table (194,105), which was at the time just below India and Brazil, with China (419,237) and the USA (650,043) dominating. But it&#8217;s worth noting that no other European country makes it into the top ten. As with the ISP table, Spamhaus confirms the country table &#8220;<em>represents the total number of detections by country where IP addresses linked to exploited devices are hosted<\/em>&#8220;.<\/p>\n<p><img decoding=\"async\" class=\"ngg-singlepic ngg-none\" style=\"padding: 0px; width: 100%; border-radius: 6px;\" src=\"https:\/\/www.ispreview.co.uk\/wp-content\/gallery\/2026-uk-internet-statistics\/Spamhaus-Live-Botnet-Threats-4th-March-2026.webp\" alt=\"Spamhaus-Live-Botnet-Threats-4th-March-2026\"><\/p>\n<p>The fact that a country of the UK&#8217;s modest size, as well as several of its major internet providers, are even in the top table may come as somewhat of a surprise, but it&#8217;s not that unexpected. The UK has one of the world&#8217;s largest digital economies, often ranking within the top 5 countries &#8211; behind the likes of the USA, China, and Japan.<\/p>\n<p>According to the UK Government, the Digital Sector is provisionally estimated to have accounted for 6.8% of total UK Gross Value Added (GVA) in 2024 at \u00a3177.2bn in current prices &#8211; similar to the estimated 6.7% of total UK GVA in 2023 (<a href=\"https:\/\/www.gov.uk\/government\/statistics\/economic-estimates-digital-sector-annual-2010-to-2024-and-regional-2010-to-2022-gross-value-added\/economic-estimates-digital-sector-annual-2010-to-2024-and-regional-2010-to-2022-gross-value-added\">here<\/a>). Suffice to say that with an active online economy and plenty of online users, the UK likely also has a sizeable population of older internet-connected devices that may be vulnerable to remote exploits.<\/p>\n<p>Such devices often reflect those that are no longer supported (EOL &#8211; <strong>End of Life<\/strong>) or which are still supported, but where the end-user hasn&#8217;t applied any recent firmware (software) updates to ensure they&#8217;re patched against the latest vulnerabilities. In other cases people may have had their computers or other devices directly compromised by Viruses\/Trojans (malicious software) via Phishing scams or similar.<\/p>\n<h3><span style=\"color: #339966;\"><strong>Detecting botnets<\/strong><\/span><\/h3>\n<p>Detecting whether a device within your wider network has been compromised to become part of a botnet is also quite difficult and requires careful monitoring of all your network traffic for connectivity to foreign IP addresses, which is not something that&#8217;s easy for the average Joe or Jane. But tools like <a href=\"https:\/\/www.wireshark.org\/\"><strong>Wireshark<\/strong><\/a> or your router&#8217;s traffic analyser (if it has one) can help.<\/p>\n<p>On top of that it&#8217;s worth keeping an eye out for high CPU or Fan usage on devices, where such visibility exists, as a heavily active botnet may make the mistake of sucking too much of your network bandwidth or router CPU cycles &#8211; causing increased load, which is particularly obvious when it occurs during normally low periods of usage.<\/p>\n<p>The <a href=\"https:\/\/check.labs.greynoise.io\/\" target=\"_blank\" rel=\"noopener\"><strong>GreyNoise IP Check<\/strong><\/a> might also help to identify if the IP address assigned by your broadband ISP has been linked to bad traffic (note: users on a Virtual Private Network [VPN] may have an IP with a negative reputation, due to past abuse by other users). Plus it doesn&#8217;t hurt to keep an eye on activity for commonly used ports like 6667 (often used for IRC communication between bots) or 1080 (often used for SOCKS proxy servers).<\/p>\n<p>In addition, botnets that spew email SPAM often like to use port 25, due to the lack of required authentication and encryption via the legacy <strong>Simple Mail Transfer Protocol<\/strong> (SMTP). This is one of the reasons why broadband ISPs frequently block such ports (<a href=\"https:\/\/www.ispreview.co.uk\/index.php\/2026\/01\/broadband-isp-youfibre-uk-set-to-block-email-internet-port-25-from-friday.html\">example<\/a>), despite the risk of unintended consequences.<\/p>\n<p>The core advice is still relevant here &#8211; set strong and different passwords for all your network devices, use good anti-virus\/internet security software and keep your devices up-to-date. Once a device within your network falls out of support, be it a smart doorbell, Android phone or some other piece of internet-connected kit, then it&#8217;s probably only a matter of time before somebody finds a way to exploit it (i.e. remove or replace it as soon as possible).<\/p>\n<h3><span style=\"color: #339966;\"><strong>What can broadband ISPs do?<\/strong><\/span><\/h3>\n<p>Major internet providers, like those mentioned earlier, typically operate complex network monitoring systems (i.e. traffic analysis, DNS monitoring) that are often capable of detecting when an end-user&#8217;s traffic has become associated with a known botnet or other known virus\/trojan infections etc.<\/p>\n<p>The signals broadband provider&#8217;s see for this are limited, but often it can be enough for a proactive provider to notify the end-user of their concerns and advise on the appropriate action. Quite a few providers also offer some degree of network-level or router-level security to help tackle such things, although those systems won&#8217;t catch everything.<\/p>\n<p>ISPreview did ask <a href=\"https:\/\/www.ispreview.co.uk\/index.php\/go\/bskyb\" rel=\"nofollow\" target=\"_blank\">Sky Broadband<\/a>, <a href=\"https:\/\/www.ispreview.co.uk\/index.php\/go\/britishtelecom\" rel=\"nofollow\" target=\"_blank\">BT<\/a> (<a href=\"https:\/\/www.ispreview.co.uk\/index.php\/go\/eebroadband\" rel=\"nofollow\" target=\"_blank\">EE<\/a>) and <a href=\"https:\/\/www.ispreview.co.uk\/index.php\/go\/vm\" rel=\"nofollow\" target=\"_blank\">Virgin Media<\/a> to comment on all this. Sadly, Sky didn&#8217;t respond (despite several requests), while BT declined to supply a comment, although they did indicate their belief that the information published by Spamhaus didn&#8217;t align with their own insights (i.e. they indicated the data lacked insight into how it was gathered or verified).<\/p>\n<p>BT added that, during 2025, their team of 3,000 security professionals had blocked 1.6 billion attempts to access malicious domains and stopped 200 million scam SMS messages. The provider also noted that their broadband customers are given access to their anti-virus and online security services for real-time protection, while they added that users are proactively encouraged to keep their systems and passwords up-to-date.<\/p>\n<p>Finally, Virgin Media, which has historically been one of the most pro-active ISPs when it comes to tackling such issues, did comment and noted how their customers are all provided with access to their &#8216;<em>Essential Security<\/em>&#8216; service at no extra cost (enabled by default). Like BT&#8217;s solution, this helps to protect them online by blocking access to websites identified as fraudulent or potentially carrying viruses, among other things.<\/p>\n<p>Virgin&#8217;s service is also said to prevent any data from being shared outside a customer\u2019s network if suspicious or malicious activity is detected on their devices.<\/p>\n<blockquote class=\"bq1\"><p><strong>A Virgin Media spokesperson told ISPreview:<\/strong><\/p>\n<p>\u201cWe take the security and protection of our customers extremely seriously and have a range of tools and services in place to help keep them safe. All customers benefit from our Essential Security product free of charge, which helps protect against scams and malicious software. This feature is switched on by default, ensuring customers are protected from day one.\u201d<\/p><\/blockquote>\n<p>We should point out that, under recent changes in UK law &#8211; the <a href=\"https:\/\/www.ispreview.co.uk\/index.php\/2024\/04\/gov-enforce-new-uk-internet-security-and-broadband-boosting-law.html\" target=\"_blank\" rel=\"noopener\"><strong>Product Security and Telecommunications Infrastructure Act<\/strong><\/a> (PSTI) and <a href=\"https:\/\/www.ispreview.co.uk\/index.php\/2022\/08\/new-uk-telecoms-and-internet-security-code-to-go-live-in-october.html\"><strong>Telecoms (Security) Act<\/strong><\/a> (TSA) &#8211; all of these providers are also required to be proactive in ensuring that the routers and other networked devices they supply are secure and kept up-to-date; upgrades are usually offered where that is no longer the case (examples <a href=\"https:\/\/www.ispreview.co.uk\/index.php\/2024\/05\/bt-talktalk-virgin-media-and-vodafone-on-uk-router-security-and-upgrades.html\">here<\/a> and <a href=\"https:\/\/www.ispreview.co.uk\/index.php\/2025\/04\/virgin-media-uk-offer-free-broadband-router-upgrade-from-oldest-hubs.html\">here<\/a>).<\/p>\n<p>However, as pointed out above, router and software level security isn&#8217;t perfect and won&#8217;t stop everything. Enterprising attackers often scan the public internet with mass automated routines that look for devices known to be vulnerable to certain exploits, which will often sit deeper inside your network and may be exposed to remote connectivity.<\/p>\n<p>Suffice to say that it&#8217;s important for people to take a holistic view of their network (i.e. don&#8217;t assume that every device on your network is protected and secure) and don&#8217;t make the mistake of assuming that your ISP can protect your home network against everything. If anything, the advent of AI control systems and the wide availability of multi-gigabit speed full fibre broadband is probably only going to make this problem even harder to tackle.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A quick look at the global Threat Map from internet security giant Spamhaus can sometimes be quite illuminating. The map displays the activity of botnets around the world, fuelled by malware infected devices, and these days it&#8217;s not uncommon to see the likes of Sky (Sky Broadband), Virgin Media and BT popping up in the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":44910,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[1],"tags":[109,479,34],"class_list":["post-44908","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uk_isp_news","tag-internet-privacy","tag-security","tag-statistics"],"share_on_mastodon":{"url":"https:\/\/mastodon.social\/@ispreview\/116377243959305777","error":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>The Scourge of Malware Infected Customer Devices at Big UK Broadband ISPs - ISPreview UK<\/title>\n<meta name=\"description\" content=\"A quick look at the global Threat Map from internet security giant Spamhaus can sometimes be quite illuminating. The map displays the activity of botnets\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Scourge of Malware Infected Customer Devices at Big UK Broadband ISPs - ISPreview UK\" \/>\n<meta property=\"og:description\" content=\"A quick look at the global Threat Map from internet security giant Spamhaus can sometimes be quite illuminating. The map displays the activity of botnets\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html\" \/>\n<meta property=\"og:site_name\" content=\"ISPreview UK\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ispreview\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/ispreview\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-09T23:01:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2026\/02\/nggallery_import\/Computer-and-device-UK-internet-security-by-123rf-ID110184858.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"1200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Mark Jackson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ispreview\" \/>\n<meta name=\"twitter:site\" content=\"@ispreview\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Jackson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2026\\\/04\\\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2026\\\/04\\\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html\"},\"author\":{\"name\":\"Mark Jackson\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#\\\/schema\\\/person\\\/de66a8b4e937c21c80e443d1bf9c35d5\"},\"headline\":\"The Scourge of Malware Infected Customer Devices at Big UK Broadband ISPs\",\"datePublished\":\"2026-04-09T23:01:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2026\\\/04\\\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html\"},\"wordCount\":1607,\"commentCount\":9,\"publisher\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2026\\\/04\\\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/nggallery_import\\\/Computer-and-device-UK-internet-security-by-123rf-ID110184858.webp\",\"keywords\":[\"Internet Privacy\",\"Security\",\"Statistics\"],\"articleSection\":[\"ISP News\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2026\\\/04\\\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2026\\\/04\\\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2026\\\/04\\\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html\",\"name\":\"The Scourge of Malware Infected Customer Devices at Big UK Broadband ISPs - ISPreview UK\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2026\\\/04\\\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2026\\\/04\\\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/nggallery_import\\\/Computer-and-device-UK-internet-security-by-123rf-ID110184858.webp\",\"datePublished\":\"2026-04-09T23:01:46+00:00\",\"description\":\"A quick look at the global Threat Map from internet security giant Spamhaus can sometimes be quite illuminating. The map displays the activity of botnets\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2026\\\/04\\\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2026\\\/04\\\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2026\\\/04\\\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html#primaryimage\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/nggallery_import\\\/Computer-and-device-UK-internet-security-by-123rf-ID110184858.webp\",\"contentUrl\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/nggallery_import\\\/Computer-and-device-UK-internet-security-by-123rf-ID110184858.webp\",\"width\":1200,\"height\":1200,\"caption\":\"Computer and device UK internet security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/2026\\\/04\\\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.ispreview.co.uk\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Scourge of Malware Infected Customer Devices at Big UK Broadband ISPs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#website\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/\",\"name\":\"ISPreview UK\",\"description\":\"Top Broadband ISP and Mobile Provider Information Site\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.ispreview.co.uk\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#organization\",\"name\":\"ISPreview.co.uk\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/ispreview_uk_logo.jpg\",\"contentUrl\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2020\\\/07\\\/ispreview_uk_logo.jpg\",\"width\":1000,\"height\":1000,\"caption\":\"ISPreview.co.uk\"},\"image\":{\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/ispreview\",\"https:\\\/\\\/x.com\\\/ispreview\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/mjack\\\/\",\"https:\\\/\\\/bsky.app\\\/profile\\\/ispreview.bsky.social\",\"https:\\\/\\\/mastodon.social\\\/@ispreview\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/#\\\/schema\\\/person\\\/de66a8b4e937c21c80e443d1bf9c35d5\",\"name\":\"Mark Jackson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/nggallery_import\\\/Mark-Jackson-96x96.jpg\",\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/nggallery_import\\\/Mark-Jackson-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/www.ispreview.co.uk\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/nggallery_import\\\/Mark-Jackson-96x96.jpg\",\"caption\":\"Mark Jackson\"},\"description\":\"By Mark Jackson Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and Linkedin.\",\"sameAs\":[\"http:\\\/\\\/www.ispreview.co.uk\",\"https:\\\/\\\/www.facebook.com\\\/ispreview\",\"https:\\\/\\\/x.com\\\/ispreview\"],\"url\":\"https:\\\/\\\/www.ispreview.co.uk\\\/index.php\\\/author\\\/markj\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Scourge of Malware Infected Customer Devices at Big UK Broadband ISPs - ISPreview UK","description":"A quick look at the global Threat Map from internet security giant Spamhaus can sometimes be quite illuminating. The map displays the activity of botnets","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html","og_locale":"en_GB","og_type":"article","og_title":"The Scourge of Malware Infected Customer Devices at Big UK Broadband ISPs - ISPreview UK","og_description":"A quick look at the global Threat Map from internet security giant Spamhaus can sometimes be quite illuminating. The map displays the activity of botnets","og_url":"https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html","og_site_name":"ISPreview UK","article_publisher":"https:\/\/www.facebook.com\/ispreview","article_author":"https:\/\/www.facebook.com\/ispreview","article_published_time":"2026-04-09T23:01:46+00:00","og_image":[{"width":1200,"height":1200,"url":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2026\/02\/nggallery_import\/Computer-and-device-UK-internet-security-by-123rf-ID110184858.webp","type":"image\/webp"}],"author":"Mark Jackson","twitter_card":"summary_large_image","twitter_creator":"@ispreview","twitter_site":"@ispreview","twitter_misc":{"Written by":"Mark Jackson","Estimated reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html#article","isPartOf":{"@id":"https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html"},"author":{"name":"Mark Jackson","@id":"https:\/\/www.ispreview.co.uk\/#\/schema\/person\/de66a8b4e937c21c80e443d1bf9c35d5"},"headline":"The Scourge of Malware Infected Customer Devices at Big UK Broadband ISPs","datePublished":"2026-04-09T23:01:46+00:00","mainEntityOfPage":{"@id":"https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html"},"wordCount":1607,"commentCount":9,"publisher":{"@id":"https:\/\/www.ispreview.co.uk\/#organization"},"image":{"@id":"https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html#primaryimage"},"thumbnailUrl":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2026\/02\/nggallery_import\/Computer-and-device-UK-internet-security-by-123rf-ID110184858.webp","keywords":["Internet Privacy","Security","Statistics"],"articleSection":["ISP News"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html","url":"https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html","name":"The Scourge of Malware Infected Customer Devices at Big UK Broadband ISPs - ISPreview UK","isPartOf":{"@id":"https:\/\/www.ispreview.co.uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html#primaryimage"},"image":{"@id":"https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html#primaryimage"},"thumbnailUrl":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2026\/02\/nggallery_import\/Computer-and-device-UK-internet-security-by-123rf-ID110184858.webp","datePublished":"2026-04-09T23:01:46+00:00","description":"A quick look at the global Threat Map from internet security giant Spamhaus can sometimes be quite illuminating. The map displays the activity of botnets","breadcrumb":{"@id":"https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html#primaryimage","url":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2026\/02\/nggallery_import\/Computer-and-device-UK-internet-security-by-123rf-ID110184858.webp","contentUrl":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2026\/02\/nggallery_import\/Computer-and-device-UK-internet-security-by-123rf-ID110184858.webp","width":1200,"height":1200,"caption":"Computer and device UK internet security"},{"@type":"BreadcrumbList","@id":"https:\/\/www.ispreview.co.uk\/index.php\/2026\/04\/the-scourge-of-malware-infected-customer-devices-at-big-uk-broadband-isps.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ispreview.co.uk\/"},{"@type":"ListItem","position":2,"name":"The Scourge of Malware Infected Customer Devices at Big UK Broadband ISPs"}]},{"@type":"WebSite","@id":"https:\/\/www.ispreview.co.uk\/#website","url":"https:\/\/www.ispreview.co.uk\/","name":"ISPreview UK","description":"Top Broadband ISP and Mobile Provider Information Site","publisher":{"@id":"https:\/\/www.ispreview.co.uk\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ispreview.co.uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.ispreview.co.uk\/#organization","name":"ISPreview.co.uk","url":"https:\/\/www.ispreview.co.uk\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.ispreview.co.uk\/#\/schema\/logo\/image\/","url":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2020\/07\/ispreview_uk_logo.jpg","contentUrl":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2020\/07\/ispreview_uk_logo.jpg","width":1000,"height":1000,"caption":"ISPreview.co.uk"},"image":{"@id":"https:\/\/www.ispreview.co.uk\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ispreview","https:\/\/x.com\/ispreview","https:\/\/www.linkedin.com\/in\/mjack\/","https:\/\/bsky.app\/profile\/ispreview.bsky.social","https:\/\/mastodon.social\/@ispreview"]},{"@type":"Person","@id":"https:\/\/www.ispreview.co.uk\/#\/schema\/person\/de66a8b4e937c21c80e443d1bf9c35d5","name":"Mark Jackson","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2023\/01\/nggallery_import\/Mark-Jackson-96x96.jpg","url":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2023\/01\/nggallery_import\/Mark-Jackson-96x96.jpg","contentUrl":"https:\/\/www.ispreview.co.uk\/wp-content\/uploads\/2023\/01\/nggallery_import\/Mark-Jackson-96x96.jpg","caption":"Mark Jackson"},"description":"By Mark Jackson Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook, BlueSky, Threads.net and Linkedin.","sameAs":["http:\/\/www.ispreview.co.uk","https:\/\/www.facebook.com\/ispreview","https:\/\/x.com\/ispreview"],"url":"https:\/\/www.ispreview.co.uk\/index.php\/author\/markj"}]}},"_links":{"self":[{"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/44908","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/comments?post=44908"}],"version-history":[{"count":0,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/posts\/44908\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/media\/44910"}],"wp:attachment":[{"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/media?parent=44908"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/categories?post=44908"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ispreview.co.uk\/index.php\/wp-json\/wp\/v2\/tags?post=44908"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}