Botnet Takedowns: Are They Really Dead or Will They Rise Again?

There have been several victories against major botnets in the past few months, the most recent being the shutdown of the Coreflood botnet. Even though law enforcement officials have successfully collaborated with various industry experts—including Microsoft's Digital Crimes Unit and Symantec—to track down and seize command-and-control servers pumping instructions to infected machines, for the most part the operators remain at large.

Many users were unaware their systems had been compromised in the first place and may still be infected even though the C&C servers are offline. With these dormant machines out there, it's possible that operators can resurrect the botnet at a later time and push out updated instructions to awaken its zombie army.

"It stands to reason that when we stop seeing new exploits, that the entire botnet has to be on the decline," Patrick Cummins, a security malware researcher at Blue Coat Security, told eWEEK. The success and ultimate survival of the botnet depend on being able to continuously update its zombies.

The U.S. Department of Justice employed a controversial technique to ensure Coreflood can't be revived: overwriting the malicious code on compromised systems with a new set of instructions.
Informative slideshow.