Level 3 Communications says America is home to more botnet command and control servers, edging out the Ukraine, with Russia only managing third place.
Command and control servers, used to maintain vast botnet scourges, are active for about 30 days before being taken down by operators located all over the world or by local police authorities.
The Level 3 research paper says the US is a good place for command and control servers given its reliable network infrastructure and that connections to the country are not unusal for many western organisations.
"An average of 20 percent of the command and control servers we tracked were based in North America with a nearly equal amount launching from the Ukraine and Russia combined," the report [PDF ] says.
"Unusual communications to these countries should be automatic red flags for IT and security organisations.
"A review of whether servers should be communicating, authenticating or transferring data with endpoints in certain high-risk countries can be a predictor of potential threats to your environment or an indicator of a potential compromise."
The UK chalked up sixth spot while Australia with its vast empty spaces did not feature in the global report that tracked 1000 command and control servers during the first quarter this year.
Of the monitored botnets some 600 were targeting corporate environments.
"Left unchecked, these command and control servers have the potential to disrupt business and destroy critical information assets."
Level 3 describes for report readers some of the latest botnet threats including the SSHPsychos bot that at its peak accounted for 35 percent of all SSH traffic.
That bot was left battered after the company together with Cisco Talos sought to take it down and prevent its automated SSH brute-force attacks against Linux servers.
The company says gaming outfits and internet providers were the hardest hit by botnet distributed denial of service attacks many operating from booter services.
It recommends buisness investigate unusual communications between high-risk countries, double check port scanning attempts which may indicate more nefarious botnet attacks, and keep tabs on DDoS attack profiles. ®