There are two main points to take away from the Kelihos.B takedown. The first is that malware writers, as smart as they are, are really dumb.
Forget about malware for a moment, and imagine the architecture involved in Kelihos.B was part of a legitimate distributed-computing business system. Would you invest all that time and effort to build a P2P network and design a mechanism for message propagation, then leave it wide open to attack by failing to include any form of authentication mechanism? It’s...