* Colin Johnston: > The better idea would be fingerprint the spam to match the bot used to match > the exploit used to run the bot to then reverse exploit back to the > exploited machine patching in the process.
Doesn't work reliably. A lot of bots close the attack vector they used, to prevent infection by just another bot. There's also a lot of cross-infection behind packet filters, which stop the same attack from the Internet.