Putting it briefly, we are not the law, and as a publicly traded company bound by laws, we simply cannot act as vigilantes.
Why? Well, a few of the infected IP addresses that we have logged are registered to an army (or two), a navy, and few governments. We are certain that unauthorized use will most definitely not be appreciated.
However, we do NOT sit idly by.
Each and every day we collect data from our analysis and forward it to relevant law enforcement authorities, ISPs, partners, various CERTs, et cetera.
They are the ones that have the legal authority to take action within their territories.