Security experts have said that many 'bots' - computers controlled by hackers to spread malware and spam without the owner's knowledge - remain infected for longer than first thought.
Previously it was believed that the average computer that had been infected and taken over remained a bot for six weeks. However, research has revealed that this period could be more like 10 months.
"During the analysis of approximately 100 million compromised IP addresses, we identified that half of all IP addresses were infected for at least 300 days," said security firm Trend Micro in a statement.
Worryingly, a quarter of infected IP addresses belong to large businesses and enterprises, meaning they could have dozens of infected machines on their networks.
Cybercriminals typically link individual bots into larger networks, or 'botnets' some of which, such as Koobface are very large indeed.
"Only a handful of criminals - likely a few hundred - have more than 100 million computers under their control. This means that cybercriminals have more computing power at their disposal than the entire world’s supercomputers combined," said Trend Micro.