According to Krebs, who started researching botnets with the Washington Post in 2008, there are now criminal underground booking sites that operate in a similar manner to holiday booking portals, but users are renting a sub-swarm of a botnet for a given period, and for cybercrime purposes - after paying a $150 subscription fee.
Krebs claims that the online botnet rental service has more than 4100 bot proxies available in 75 countries, although the bulk of the hacked PCs being sold or rented were in the US and UK.
Interestingly, he notes that the number of available proxies fluctuates daily, peaking during normal business hours in the US.
"Drilling down into the US, users can select proxies by state, or use the advanced search box, which allows customers to select bots based on city, IP range, internet provider, and connection speed", he says in his latest security blog.
Krebs goes on to say that this service also includes a fairly active Russian-language customer support forum.
"I tried to locate some owners of the hacked machines being rented via this service. Initially this presented a challenge because the majority of the proxies listed are compromised PCs hooked up to home or small business cable modem or DSL connections", he says.
"As you can see from the screenshot, the only identifying information for these systems was the IP address and host name. And although so-called geo-location services can plot the approximate location of an internet address, these services are not exact and are sometimes way off", he adds.
Krebs carried out some interesting research into the IP addresses that were hosting one or more infected machines and, after contacting the firms concerned, managed to track down the infected machines.
The most crucial aspect of the infections, Infosecurity notes, is that the businesses had IT security software installed, suggesting that the botnet infections stemmed from a click-through option carried out by the user of the PC(s).
The complex process of tracing some botnet infections, he asserts, is made more difficult because some botnets use IP anonymiser services to make the task of tracking down the real location and identity of an infected machine almost impossible.
"Anonymisation services add another obstacle on the increasingly complex paths of botnets. As I have often reported, tracing botnets to their masters is difficult at best and can be a Sisyphean task", he said.