Information security specialists have developed various techniques and methods to reduce the threat that botnets pose to the security of information systems connected to the internet. The implementation of such methods needs to take place according to the legal systems of the respective jurisdictions. Based on Estonian and German legislation, the authors cover two different approaches to support the fight against botnets: first, a legal evaluation is given to common technical measures used to fight botnets, primarily relating to botnet takeover and takedown; second, some purely legal constructs, such as compensation for unlawfully caused damage, are suggested, which could potentially apply to certain circumstances and so indirectly contribute to the mitigation of botnets. As a result, a number of legal requirements, as well as potential risks, relevant in the fight against botnets are outlined.