Botnets aren't just dangerous because they can steal massive amounts of personal data and launch denial-of-service attacks—they can also self-destruct, leaving the owners of affected machines in the dust. The controllers of one such botnet recently hit the kill switch for one reason or another, taking down some 100,000 infected computers with it.

The Washington Post recently profiled the case of Zeus/Zbot—a software kit that sprung up in March that harvests financial and personal data from PCs through the use of a Trojan. Zeus, unlike many other malware programs, managed to make each installation appear different to virus trackers so that it would be more difficult to remove. But Zeus had another interesting feature—one that isn't terribly uncommon among botnet software, it turns out. A command was built into the software to kos—or "kill operating system"—and it was apparently executed some time last month.

The reason for BSODing 100,000 machines isn't quite clear, but several security experts have offered up their opinions. S21sec wrote on its blog that those behind Zeus might have wanted more time to exploit the financial data they had harvested by removing the user's ability to get online and see that money was being transferred. On the other hand, 21-year-old Roman H�ssy had just begun running Zeustracker, a website (that is apparently down right now thanks to a DDoS attack) meant to track the servers being used by the Zeus botnet, when he saw the kos command get issued. "Maybe the botnet was hijacked by another crime group," H�ssy told the Post. Or, he postulated, perhaps those behind Zeus were just dumb. "Many cyber criminals...using the Zeus crimeware kit aren't very skilled."

S21sec notes, however, that invoking the kos command only results in a bluescreen and subsequent difficulty booting the OS. There appears to be no significant data loss and neither the Trojan binaries nor the startup registries are removed, indicating that Zeus isn't trying to keep itself from being dissected by researchers. It could also mean that, once those hundred thousand or so users manage to get back online, Zeus will get back to work stealing passwords and credit card info.