Microsoft secretly beheads notorious botnet (pcpro.co.uk)
53 points by wglb on Feb 25, 2010 | 10 comments

Not only were they doing something virtuous while shrouded in secrecy, the secrecy was necessary for them to accomplish their goals. While I'm in general totally in favor of openness and transparency, there are competing concerns that it should be weighed against, as this clearly demonstrates.

Good on you Microsoft. How's that for a little bit of social responsibility.

I have a foreboding that the first "real" AI may well come out of spamming and other forms of unpleasantness ...

the operation hasn’t cleaned the infected computers and [... a]lthough the zombies are now largely out of the bot-herders’ control, they are still infected with the original malware

That will learn them some bird calls next time, if not yet done.

Microsoft got legal approval for this. How many extra-legal, or grey-area "Operations b49" have taken place? I don't imagine Microsoft has done many (if any) extra-legal beheadings, but surely somebody has. All those academic papers about taking control of botnets and measuring the take-up rates on penis pill offers had to come from somewhere.

Cool, but how long until it auto-registers new domain names according to some algo? (see Srizbi)

Well, it's not sentient, so it isn't registering anything it wasn't already programmed to, and it isn't getting any new commands with all existing C&C routes gone.

Making the C&C domain time-dependent is trivial. Making the domain name based on time-dependent keys, steganography and queries across multiple domains as the basis for computing the current or next C&C domain would make the life of the good guys very uncomfortable.
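To show the defender's side of the time-dependent domain scheme the comment above describes, here is an added example (not the commenter's code, and not any real botnet's algorithm): once a DGA's seed and date-hashing logic are known from reversing, a responder can precompute the domains it will produce, sinkhole or blocklist them ahead of time, and flag DNS queries that hit the list. The seed, TLD, domain count and log format are all constructed for the illustration.

```python
import hashlib
from datetime import date, timedelta

# Constructed parameters for a hypothetical time-seeded DGA, used only to
# illustrate prediction and detection; they are not any real botnet's values.
SEED = b"constructed-seed"
TLD = ".example"
DOMAINS_PER_DAY = 4
START_DAY = date(2010, 2, 25)

def generate_domain(day: date, index: int) -> str:
    """Derive candidate domain `index` for `day` from the date and a fixed seed."""
    material = SEED + day.isoformat().encode() + index.to_bytes(2, "big")
    digest = hashlib.sha256(material).hexdigest()
    # Map the first 12 hex digits onto letters a-p so the label looks like a hostname.
    label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:12])
    return label + TLD

def predicted_domains(start: date, days_ahead: int) -> set:
    """Every domain the algorithm can yield from `start` for `days_ahead` days.
    With the algorithm known, this watchlist can be pre-registered (sinkholed)
    or pushed to resolver blocklists before the bots ever ask for it."""
    return {
        generate_domain(start + timedelta(days=d), i)
        for d in range(days_ahead)
        for i in range(DOMAINS_PER_DAY)
    }

def flag_dga_queries(log_lines, watchlist):
    """Return (timestamp, client, qname) for DNS log lines hitting the watchlist.
    Constructed log format: '<iso-timestamp> <client-ip> <queried-name>'."""
    hits = []
    for line in log_lines:
        ts, client, qname = line.split()
        # Normalise case and a trailing root dot before the lookup.
        if qname.lower().rstrip(".") in watchlist:
            hits.append((ts, client, qname))
    return hits

# Constructed resolver log: two benign lookups and one query for a domain the
# algorithm would generate for the following day.
SAMPLE_LOG = [
    "2010-02-25T09:58:01 10.0.0.5 www.example.org",
    "2010-02-25T09:58:07 10.0.0.7 " + generate_domain(START_DAY + timedelta(days=1), 2),
    "2010-02-25T09:58:09 10.0.0.5 mail.example.net.",
]

if __name__ == "__main__":
    watchlist = predicted_domains(START_DAY, 3)
    for ts, client, qname in flag_dga_queries(SAMPLE_LOG, watchlist):
        print(f"{ts} {client} queried predicted C&C domain {qname}")
```

The schemes the comment goes on to mention (keyed seeds, steganographic inputs, multi-domain lookups) defeat exactly this precomputation step, which is why they are harder for responders to get ahead of.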

Of course it can be done (and has been done). But in this case it apparently wasn't.

The arms race will undoubtedly continue.

I wonder if this had any noticeable impact on the number of spam sent. I haven't noticed it in my inbox.

