I thought this excerpt from the Kaspersky blog telling -- it shows how fast the methods of attack & compromise evolve...
Last but not least, a quick review about the story of Hlux/Kelihos:In September 2011 we performed the first takedown of Hlux. The criminals responsible for that botnet didnĀ“t show a major interest in taking counter-measures - they abandoned the botnet to its fate (of being under our control now) and immediately began to build a new botnet. So after a short time, Hlux 2 appeared on the radar and we did it again - poisoning the p2p-network to sinkhole it. And again, the criminals quickly rebuilt their botnet and Hlux 3 was born - within 20 minutes! In March 2013 the bad guys were faced with a new shutdown operation - initiated and performed live at the RSA Conference 2013 by our friends over at Crowdstrike.