I wouldn't want to be responsible for it getting out and causing problems elsewhere either. I think what I'm interested in is:
1) what is making it so hard to clear
2) what kind of things to look for on a network that indicates it's there (original detection, in general)
3) What this bad boy is using as an entry vector
4) what your test environment is like
If I was setting this up, which I lack the hardware for at this time, I'd do a chrooted virtual window's box on a system I don't mind destroying the hard drive out of afterward. Although that seems a little expensive when I think about it (constantly going through hard drives).
What's the best way to get involved with a local DC group? I tried to join a local Perl Monger's group once, but they hardly ever met, and when they did, they wanted to focus on showing off what they (the host's company) was working at the time. (*edit: turns out the local DC is no longer DC, it's now ArbSec...)
I'll also remember to shop smart, shop S-Mart.