From Lisa Vaas’ “Are Campuses Flooded with Zombified Student PCs?” (eWeek: 22 October 2007):
Rather, bot herders have sophisticated technology in place that can detect how fast a bot’s connection is. If that connection changes over time – if, say, a student is poking around at her parent’s house with dial-up all summer and then comes back to school and the campus network’s zippy broadband – the herder detects the increased bandwidth, and that zombie PC suddenly becomes a much more useful tool for sending spam or engaging in other nefarious activities, as pointed out by SecureWorks Director of Development Wayne Haber …
“The more significant factor is to take a machine that was the only system, or one of two to three, on a home network, and to move it to an environment of hundreds or thousands of machines on a network in different states of being patched and of running security software,” [Craig Schmugar, threat research manager for McAfee’s Avert Labs] said. “The new students coming in, there’s a greater chance of having new computers, and those might not have firewalls. It’s a more diverse network environment, with a greater opportunity for machines to be attacked. Maybe not successfully, but at least there’s more traffic thrown at machines.”
Another helpful thing about campuses, of course, is that they have loads of systems left on around the clock in their labs. Universities also have the added stickiness of trying to administer security policies for a constantly shifting population, with visiting scholars coming and going and a variable range of access rights necessary for staff and students.