This paper proposes a legal methodology aimed at disrupting Botnets, whose nodes are mostly comprised of Smart Devices. The methodology allows for the attachment of civil liability to both the manufactures and users of Smart Devices which have become part of a Botnet due to either the failure to develop a patch for a known vulnerability or who have failed to apply the patch after it has been developed. The paper also outlines a role for a regulator but does not propose that a regulator or State body should be required for a civil action to be initiated. The only requirement for a civil action to be brought is that that damage has occurred following a cyberattack conducted by a Botnet, and the vulnerability which was exploited by the Botnet to ensnare a given device was one which was known to software industry.