Going after the bots is lesser effort. The controllers are a priority.
That's not happening. AV companies are mostly interested in hyping the latest worm or semi-worm. Drone armies, hundreds of thousands large (no exaggeration) are just too much of an effort with 1000+ new Trojan horses coming out every month. Also, there are virtually no resources directed at this problem except for a _few_ numbered concerned individuals from various corporate security teams and a few people who use IRC networks, world-wide. As long as so many computers are out there for the taking, it is almost an impossible war. Maybe it would be possible to check if any users from a location you are in-charge of are connecting to these IP's and sending them an automated email about their security plus a deal on an AV product (whatever it is worth for this)? I doubt many here have the time to even consider such an effort, even with the deal. There are easier ways, such as seeing who in a said network connects out with recognized signatures.. again, I doubt many would bother. Spam, viruses, it all revolves around the same problem. The users en-masse are a serious risk on the macro level. Besides, with so many drones around and infected machines - who needs a proxy to be anonymous? Gadi Evron.