"by either law enforcement or police"
In what way are Police not law enforcement?
New variants of the Zeusbot/SpyEye cybercrime toolkit are moving away from reliance on command-and-control (C&C) servers towards a peer-to-peer architecture. C&C servers are the Achilles heel of cybercrime networks, vulnerable to both takedown operations and monitoring by either law enforcement or police. Variants of Zeusbot/ …
>>And lusers will still do banking on Windows XP Jack Sparrow edition.
What makes you think it doesn't run on Windows Vista or 7?
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fZbot
As MS points out "... the Malware is primarily designed to work with UAC enabled, and without local exploits."
(for all intents and purposes a noob here - security is only tangentially in my interests)
If you have P2P control, could the white hats not set up counter measures to issue instructions to cease & desist? Or some other kinda neutralization/sabotage/owner identification strategy?
I mean, if all of a sudden those trojans' peers can issue commands, then how do they know to trust those peers? I assume signatures and encryption are used to authenticate, but still, there must be some opportunity here, until the next improved version.
My thoughts exactly, a simple "remove bootloader" or "del /Windows in x days" type arrangement.
That command would propagate through the botnet and at timebomb time, the whole thing implodes.
Then at least the infected end nodes won't be infecting anyone else soon, and the end users have to deal with the problem.