No, the issue is that you want to give authorities a mechanism of taking someone offline. This week it is malware, next week it will be something else, and you still haven't done anything that addresses the problem, which is that it is 1) a profitable and low risk form of crime and 2) leaving servers unpatched is cost effective. Change that balance and the problem goes away.
If some scumbag breaks into your home to fund their next fix, they are not prosecuted for the £25 they got for your stuff, they are prosecuted for the £1000+ damage they caused to you. And if you don't have locks on your door or don't bother using them, then you don't expect the insurance company to pay out. Apply the same to computer systems. Make the punishment slightly more severe than the current slap on the wrist and make the consequences of maintaining vulnerable systems not worth the savings.