jdMorgan - 4:31 pm on Mar 5, 2010 (gmt 0)

I think the cost argument is a red herring; I would think that an ISP could simply "sample" packets from each of their customers over time -- for example, sample packets for a few randomly-scheduled minutes a week, and notify those whose machines seem to be zombied using an ISP-side redirect on initial connection. If the customer doesn't respond, then the ISP could rightly decide whether they wanted to retain that customer, or perhaps limit that machine's bandwidth and/or access to mail services.

With all of the free malware detectors and fixers available on-line today, there's simply no excuse to allow a compromised machine on-line.

Jim