Although currently crippled, the Virut C&C infrastructure is not completely out of the hands of attackers. Their last remaining strongholds are the remaining .at domain names, Morrison said.
Spamhaus alerted the .at domain registry and the Austrian CERT multiple times about this issue and hopes that they will follow the example of their Polish and Russian counterparts in suspending the C&C domain names.
"The Virut takedown effort clearly illustrates the important and meaningful role [domain] registries and registrars can play in the fight against cybercrime in general," Morrison said. Such organizations should be proactive and add clauses in their contracts that will allow them to quickly take action against domain names used for malicious purposes, he said.
Based on information gathered during a recent sinkholing operation, Symantec estimates the size of the Virut botnet at over 300,000 infected computers.