At the Telecommunications Policy and Research Conference in Arlington, VA in September, I gave a paper about Rustock Botnet and ASNs. Most of the paper is about effects of a specific takedown (March 2011) and a specific slowdown (December 2010) on specific botnets (Rustock, Lethic, Maazben, etc.) and specific ASNs (Korea Telecom's AS 4766, India's National Internet Backbone's AS 9829, and many others).
The detailed drilldowns also motivate a higher level policy discussion.
Knock one down, two more pop up: Whack-a-mole is fun, but not a solution. Need many more takedowns, oor many more organizations playing. How do we get orgs to do that? ...There is extensive theoretical literature that indicates
Most orgs keep security problems secret because they think it will harm their reputation. Ahah! Publish reputation and they'll care.Reputation such as SpamRankings.net is pioneering is the key to transparency, which is the key to white hat cooperation. More in another post.