Moreover, Microsoft is coordinating with ICANN and other organisations responsible for the DNS infrastructure to register and block the domain names that the worm could use, in the hope that its creators will then be unable to turn the Downadup worms (which are now quite harmless) into logic bombs, ransomware, spam relays or whatever else they feel like. Downadup has an algorithmically generated list of candidate command & control servers; each instance of the worm checks some of these periodically, providing an infection count and asking for updates.
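The periodic check-ins described above leave a trace in resolver logs: an infected host asks for several random-looking names that fail to resolve. The sketch below is an added example, not code from this post or from any Downadup analysis; the log format, the `.example` names, the thresholds and the assumption that blocked candidate domains answer NXDOMAIN are all constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines: "epoch_seconds client qname rcode".
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.com NOERROR
1005 10.0.0.5 examplle.test NXDOMAIN
1010 10.0.0.7 qzkvhtwpxe.example NXDOMAIN
1015 10.0.0.7 bxjrmuydfa.example NXDOMAIN
1020 10.0.0.7 hgtlwcqnzo.example NXDOMAIN
1030 10.0.0.7 vpfkyesjdm.example NXDOMAIN
1040 10.0.0.7 nwcxoribtg.example NXDOMAIN
1050 10.0.0.9 qzkvhtwpxe.example NXDOMAIN
"""

def entropy(label):
    """Shannon entropy of the label's characters, in bits per character."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def looks_generated(qname, min_len=8, min_entropy=3.0):
    """Heuristic (assumed thresholds): long, all-letter, high-entropy first label."""
    label = qname.rstrip(".").split(".")[0].lower()
    return len(label) >= min_len and label.isalpha() and entropy(label) >= min_entropy

def suspect_clients(log_text, min_names=4, window=3600):
    """Map client -> most distinct generated-looking failed names in any window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, client, qname, rcode = parts
        if rcode == "NXDOMAIN" and looks_generated(qname):
            hits[client].append((int(ts), qname.lower()))
    flagged = {}
    for client, events in hits.items():
        events.sort()
        best = max(
            len({q for t, q in events[i:] if t - start <= window})
            for i, (start, _) in enumerate(events)
        )
        if best >= min_names:
            flagged[client] = best
    return flagged

if __name__ == "__main__":
    print(suspect_clients(SAMPLE_LOG))
```

A single mistyped name or one stray lookup stays below the threshold; only the host that works through several distinct candidates inside the window is reported.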
The technique is not without precedent, but the response is. While blocking domains may go a long way towards preventing a “night of the living dead” scenario, the other aspect (that of the ransom) raises an interesting opportunity.
Say you were a member of a criminal organisation. You commission (and receive, from a black-hat hacker or group) a huge botnet. Some other wiseguys on the ‘net post a reward for turning in the authors.
Do you now:
a. exploit it for your nefarious purposes
b. turn in the virus writer(s) OR
c. do both of the above?
I suppose it all depends on how useful you deem the virus writers to be to you in the future and what you estimate the cost of replacing them will be. In other words, the reward system probably works, if the rewards are high enough, although it probably doesn’t work by punishing the criminal masterminds, but rather by providing a strong disincentive for prospective enablers (i.e. wannabe virus writers).