I spoke with Ryan Narine last night about my ethical obligations towards shutting down botnets if I had, or had somehow obtained, the power to. I basically equated the prospect to “vigilante justice” and took the moral high-ground on the topic. I don’t believe that individuals should be solving this issue on their own. Ryan mentioned that we’ve been doing the exact same thing for years and botnets are worse than ever (paraphrasing). Regardless, we, as private citizens, do not have the right to invade others privacy to do what we think is best for them. My quote from the article:
Andrew Hay, product manager at Q1 Labs, a network security management company, said the concept of tampering with a user’s machine without consent, even if it’s to remove malicious software, is “ethically questionable.”
“I couldn’t in good conscience send any command to a machine without the user’s knowledge and approval,” Hay said. “Ethically speaking, we just can’t make that decision regardless of if it’s right or whether it’s the best thing to do for the good of the Internet.”
The full article can be seen online here (my part is the last two paragraphs on the second page).