by nahsra 1017 days ago
The FBI took control of the botnet and re-purposed it to patch the vulnerable machines. This sounds like a novel practice addition to me?

I've done some limited consulting in this space in my career, and I agree that the code (and architecture) I've seen is pretty brittle junk. It's on par with the worst enterprise code I've seen. It's a numbers game for them. And, it's just a different work experience and skill tree that drives people to create "great code" (as it would be measured in professional software development circles.)

1 comments

It’s not novel at all - security researchers have been doing the same thing for literally decades. Worms often have kill switches built into them that, if the researchers can figure them out, allow them to stop it globally.
I said it seemed like it might be a novel addition to their practice, not to the state of the art.

The question isn’t “is this possible and has anyone ever done it” - it was “has the FBI ever used a botnet’s existing C&C to patch all the infected hosts”?

It doesn’t seem like it, but I don’t track this stuff closely so I’m happy to be corrected.