Could this work?
Suppose a team could be assembled comprising some highly skilled analysts of bot code and a large array of volunteers with systems on residential and similar ADSL networks with dynamic addresses, just the kind the crims seek out to host single- and double-flux botnets.
The idea is, the analyst/coders, once they've gotten the inner details of a given bot, create a decoy, one that behaves exactly like the real one, but which also communicates everything it can that might be useful to the white hats while hiding that behavior from anything the crims can get from their real bots behind dummy data. The bots would be hosted on volunteers' machines, avoiding the thorny issue of a white-hat infection of unknowing botnet system owners, and also allowing the installation of other, separate services to monitor activity and help keep the subterfuge hidden from the bad guys without having to necessarily build all of that into each new bot design itself. Perhaps services and daemons like this could even be made to mimic bots simply by updating scripts rather than necessarily coding and compiling new binaries.
These volunteer decoys would be able to give analysts real-time information on motherships, not necessarily just addresses, but everything the "bad" bots would have to know and be able to communicate in order to function.
Of course, the bad guys would catch on very quickly and try to add features to each new generation of bot to foil this, so the analysts would have to really stay on top of each new strain. Still, this might be workable given sufficient resources and talent.