I'm not 100% sure I understand what you're saying, but I guess you're asking how this could be censored?

> you would have to extract the keys from the malware

Yeah? That happens all the time. If you're designing mechanisms like this, it's presumably specifically against adversaries which are doing exactly that.

> you would then have to implement the logic and announce it - then rely on blockchain exploreres actually using that data to block addresses in real time.

Someone would only have to do this once and all your bots would be gone.

Usually the whole point of these mechanisms is C&C resilience, and usually that only matters for really big botnets which face co-ordinated attacks.

Any good C&C system for a bigger botnet would seek to eliminate all meaningful external points of failure for C&C. Using a block explorer, or HN comments, does not achieve that.