22 Apr 2009  

That's all those folks installing 7106...

You know, I'm really only half joking. Seems there are quite a few folks posting 7106 torrents and trying to convince people they're unadulterated even in the face of stark proof of the opposite. Why? What's it to them if someone they don't know uses it or not? Why the vested interest? There's no point system that I know of. Or is there? Has anyone grabbed these builds and tested them for outbound IRC traffic?

Were the world working as it should, the researchers would deliver a list of infected MAC addresses to the listed domain contacts along with a list of affected ports. This filter list would be loaded into the border routers as a BGP update immediately for maximum protection to the rest of the Internet, and email sent to the affected customers in the case of an ISP, or to InfoSec departments in the case of corporations. Filters could then be put in place as fast as possible to protect the domain internally. But at least it wouldn't leak crap outside the domain in the short term.

But instead of doing something like this to contain the issue, they write a paper and wait to attend a trade show and brag about how cool they are that they found this big botnet while it continues to exist and do whatever it is it wants unfettered. Makes no bloody sense to me -- obviously this security expert is out to make a buck and a name for himself and has no interest in protecting the Internet at all, or they'd at least be TRYING to mitigate the risk and effect with the networking tools and skills at their disposal. I'd think I'd get a better name at the trade show for presenting how I discovered and SHUT DOWN the botnet, while prominently listing any domains that failed to co-operate. Hopefully you'd get a few government agencies and Fortune 500s that you could spread all over the news and shame the rest into action.
