An apparatus, system and method are described for use in detecting the presence of malware on subscribers computers. The apparatus, system and method are network based and may be deployed within an Internet Service Provider (ISP) network. The system may include a plurality of network sensors for receiving and analyzing network traffic to determine the presence of malware. An aggregating apparatus receives alerts of the presence of malware and translates a network identifier of the alert to a subscriber identifier. The aggregating apparatus aggregates alert information and forwards it to a reporting infrastructure that can generate notifications in order to notify a subscriber that malware has been detected on a computer associated with the subscriber.