DIY Botnet Kit

It gets worse!


dstiles

8:30 pm on Sep 22, 2011 (gmt 0)

A report on the zdnet security blog today makes reference to a DIY Botnet Kit "in the wild" for about 10 Euros. The report originated with GData.

Apart from potential for more spam, the kit also supports SOCKS, which gives it the capability of hitting web sites. Features include (from the zdnet report)...

# Possibility to carry out DDoS attacks
# SOCKS; bot owner can use victim's PC as proxy
# Firefox password stealer; stealing passwords saved in Firefox database
# Remote execution of any file
# Pidgin password stealer; stealing passwords from the instant messenger Pidgin

As if we hadn't enough to contend with. Now even the most impecunious wannabe hacker can get in on the act.

If this link is allowed...

[zdnet.com...]

incrediBILL

2:33 pm on Sep 24, 2011 (gmt 0)

Why pay for the kit? There are free ones available ;)

I downloaded a few 'kits' that the botnets attempted to upload once, just to see what in the heck was in the files they try to inject on the server. Some were just simple phone-home ping files that sent your location back to the botnet for the hacker to review later. Other scripts they attempted to upload were basic shells to give them as much control over your site/server as possible on the first attempt. Then, every now and then, I found a C&C script upload attempt; those were interesting, to say the least.

Fun stuff to look at, easy stuff to stop and thwart once you know what to look for too.

Which always makes me wonder why botnets are so prolific and these security companies can't either stop or significantly slow down the spread of this crap.

dstiles

4:58 pm on Sep 24, 2011 (gmt 0)

Ah, if you advertise something for a low price a lot of people will buy. Something for free might not work. :)

I have always thought it should be easy to kill these networks, especially at the beginning. It's not as if a lot of these people and their networks are unknown. There seems to be far more pressure by financial institutions, for example, on their customers than there ever has been on fixing the original problem.

From the same blog on a slightly different (though similar) topic:

"According to abuse.ch's Zeus tracker, there are about 220 command and control servers online at any given time. The site monitors the roughly 700 servers hosting the botnet."

So why haven't they killed them? For example, get the ISPs to disconnect their customers - dynamic, static or server - until they fix the problem.

On the other hand, a lot of companies are making a lot of money from "security".