OK, I was reading this article tonight (which I got from Digg as usual) and something occurred to me.
"Lyon still wanted to find out who was behind the attacks. He and Brown scanned the traffic data, found a zombie, and, thanks to an opening in Microsoft Windows, were able to see what other computers it had been connected to. This led them to a chat server in Kazakhstan; when they connected to it, they saw more attacks in progress. They notified the F.B.I. and the Secret Service, but, Brown said, “they sort of threw up their arms, because it was in Kazakhstan.” To Lyon, however, the lesson was clear: with clever techniques and a little luck, any attacker could
"thanks to an opening in Microsoft Windows"
This gives me an idea: what's the best way to find a zombie army? By being in control of the zombies themselves...
So, on with the idea: what if there was a piece of software, similar to the bot software, that resided on a good number of the machines involved, similar but different in that it would be used by a good network to gather information about a given attack, and could possibly either disrupt that attack (by commanding the PCs under its control to quit participating) or just gather information about the attack to be given to the authorities? The software could be installed on a voluntary basis, like SETI@home.
The idea that enables this is that the criminals running these bots don't know/care what else is running on the bots themselves. So your program could run alongside theirs without them realizing you are gathering data on them.
In fact, people like Lyon could theoretically set up a farm of machines and just let them be infected, and maybe then one of their machines would be one of the bots attacking, and could be used to track back to the attackers...
Note to self: always finish reading the article before posting an idea to the blog; there are a lot of people a lot smarter than me. :/