
My experience differs from yours. Apparently goatsis has heard of you, so good work on that? The logical fallacy of either/or doesn't advance your argument as much as you think it does.

In my experience, malware authors care about beating the defense more than they do about having their domains taken down by some "whitehat". Although if you think that's easy, by all means please do. The Internet will thank you.




Instead of relying on the fallacy fallacy, could you try to back up your point of view somehow? Share your differing experiences and give us some examples.

The idea of using a DGA to hide your C&C simply isn't a very good one. It's not going to work; anyone running a packet capture will still see where your bot connects.

Using a DGA to protect your C&C from being taken down? You can easily make it impossible for any domain registry to shut you down. It'll also protect you from server suspensions as you'll just be able to update your DNS records.

One of these actually works, one doesn't. For hiding your C&C you'd want to use Tor hidden services instead. Generally C&Cs are disposable though, so there's no need to hide them in the first place.

> In my experience, malware authors care about beating the defense more than they do about having their domains taken down by some "whitehat".

I don't really understand what you mean here. "Beating the defense"? Are you suggesting that whoever did this Mirai edit was trying to evade antiviruses or any sort of "defense" for that matter? On IoT devices and routers?

I'm sure they weren't hoping that whatever analyst finds their binary isn't going to find their C&C... Which seems to be what you're suggesting.

But if they aren't worried about their C&C being taken down by some "whitehat" then why on earth would they want to hide it in the first place?
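
The comment above says a packet capture still shows where a DGA bot connects. As an added example that is not part of either comment, this is one way a defender could pull that out of captured DNS responses: a DGA client typically fails many lookups for unregistered names before one resolves. The log format, hostnames, addresses and the function name `find_rendezvous` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: DNS responses as "epoch client qname rcode answer".
# All names and addresses are made up (.example / RFC 5737 ranges).
SAMPLE_LOG = """\
1700000000 10.0.0.7 time.vendor.example NOERROR 192.0.2.10
1700000060 10.0.0.23 qkzvhwtp.example NXDOMAIN -
1700000061 10.0.0.23 xjrmdlca.example NXDOMAIN -
1700000062 10.0.0.23 bnwqyfes.example NXDOMAIN -
1700000063 10.0.0.23 tzphgkuv.example NXDOMAIN -
1700000064 10.0.0.23 lmcxorjd.example NOERROR 203.0.113.45
1700000090 10.0.0.7 typo.vendor.example NXDOMAIN -
1700000095 10.0.0.7 update.vendor.example NOERROR 192.0.2.11
"""

def find_rendezvous(log_text, min_nx=3, window=30):
    """Return {client: (qname, answer, nx_count)} for each client whose
    successful lookup directly follows a burst of at least min_nx
    NXDOMAIN responses for distinct names within `window` seconds."""
    streak = defaultdict(list)  # client -> [(ts, qname)] of recent NXDOMAINs
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, client, qname, rcode, answer = parts
        ts = int(ts)
        # Drop failures too old to belong to the current burst.
        streak[client] = [(t, q) for t, q in streak[client] if ts - t <= window]
        if rcode == "NXDOMAIN":
            streak[client].append((ts, qname))
        elif rcode == "NOERROR":
            distinct = {q for _, q in streak[client]}
            if len(distinct) >= min_nx:
                hits[client] = (qname, answer, len(distinct))
            streak[client] = []  # a success ends the burst
    return hits

if __name__ == "__main__":
    for client, (qname, answer, n) in find_rendezvous(SAMPLE_LOG).items():
        print(f"{client}: {n} failed lookups, then {qname} -> {answer}")
```

The `min_nx` and `window` thresholds are assumptions to tune against local traffic; a single mistyped hostname, like the one from 10.0.0.7 in the sample, stays below the default.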



