Botnets – networks of machines infected with malicious software – are widely regarded as a critical security threat. Measures that directly address the end users who own the infected machines are useful, but have proven insufficient to reduce the overall problem. Recent studies have shifted attention to Internet Service Providers (ISPs), the providers of Internet access to end users, as possible control points for botnet activity….