Microsoft applies 'surgical sinkhole' to strangle botnet installed on new PCs

14.09.2012

Boscovich said Microsoft is seeking the names of the individuals who registered the Nitol C&C domains from Peng, as well as those responsible for the 70,000-some malware-hosting subdomains, but has yet to reach Peng. It will identify the machines infected with the bot and refer those IP addresses to the appropriate country's CERT (Computer Emergency Response Team) organization and pertinent ISPs to work with users and customers on cleanup efforts.

The new "surgical" sinkholing tactic, however, may be the longest-lasting effect of Microsoft's Operation b70, said Nominum's Sprosts.

"Bulletproof hosting companies often try to hide behind innocent victims to escape legal action," he said. "This will be a wake-up call for many other [bulletproof hosting firms] that they'd better clean up their act."

Because Microsoft and others can now limit collateral damage, Sprosts said, he anticipated that courts will look more kindly on takedown and sinkhole requests. "[Judges] will see that this is surgical, not a blunt force instrument."
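To make the distinction Sprosts draws concrete, here is an added example (not code from the article, Microsoft or Nominum) of a resolver-side policy that contrasts a "surgical" sinkhole, which redirects only the specific subdomains known to serve command-and-control, with a "blunt" one that redirects an entire domain. The domain names, the upstream answers and the sinkhole address (an RFC 5737 documentation address) are all constructed for the example; the collateral-damage count is what a court or an ISP would want to see before approving a takedown.

```python
"""Surgical vs. blunt DNS sinkhole policy (constructed illustration)."""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

SINKHOLE_IP = "192.0.2.1"  # RFC 5737 documentation address standing in for the sinkhole


@dataclass
class SinkholePolicy:
    # Surgical list: exact hostnames known to serve C&C (lowercase, no trailing dot).
    blocked_hosts: Set[str] = field(default_factory=set)
    # Blunt list: whole zones whose every subdomain is redirected.
    blocked_zones: Set[str] = field(default_factory=set)

    def resolve(self, qname: str, upstream: Dict[str, str]) -> Tuple[str, str]:
        """Return (answer, reason) for a query name under this policy."""
        name = qname.lower().rstrip(".")
        if name in self.blocked_hosts:
            return SINKHOLE_IP, "sinkhole:host"
        for zone in self.blocked_zones:
            if name == zone or name.endswith("." + zone):
                return SINKHOLE_IP, "sinkhole:zone"
        # Benign or unknown: hand back whatever the authoritative data says.
        return upstream.get(name, "NXDOMAIN"), "passthrough"


def collateral_damage(policy: SinkholePolicy, upstream: Dict[str, str],
                      malicious: Set[str]) -> Tuple[int, int]:
    """Count (malicious names sinkholed, benign names sinkholed) across a zone."""
    caught = 0
    innocent = 0
    for name in upstream:
        answer, _ = policy.resolve(name, upstream)
        if answer != SINKHOLE_IP:
            continue
        if name in malicious:
            caught += 1
        else:
            innocent += 1
    return caught, innocent


# Constructed sample: a dynamic-DNS style zone shared by bots and ordinary users.
UPSTREAM = {
    "bot1.dyn.example": "198.51.100.10",
    "bot2.dyn.example": "198.51.100.11",
    "myblog.dyn.example": "203.0.113.5",
    "www.dyn.example": "203.0.113.6",
}
MALICIOUS = {"bot1.dyn.example", "bot2.dyn.example"}

SURGICAL = SinkholePolicy(blocked_hosts=set(MALICIOUS))
BLUNT = SinkholePolicy(blocked_zones={"dyn.example"})


def compare() -> Dict[str, Tuple[int, int]]:
    """Show how many malicious and benign names each policy redirects."""
    return {
        "surgical": collateral_damage(SURGICAL, UPSTREAM, MALICIOUS),
        "blunt": collateral_damage(BLUNT, UPSTREAM, MALICIOUS),
    }


if __name__ == "__main__":
    for policy_name, (caught, innocent) in compare().items():
        print(f"{policy_name}: {caught} malicious sinkholed, {innocent} benign sinkholed")
```

Both policies catch every malicious host; the surgical one does so without touching the benign subdomains, which is the "collateral damage" figure the article says courts will now weigh.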

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.