Highly unlikely that that will happen, simply because even the smaller virus writers take precaution when buying servers, they usually do it using stolen credit cards that are not hard to acquire. In addition, the it also depends whether the hosting companies are willing to assist people with the investigation.

if I would invest that much time into writing software, I would add TOR or i2p connectivity and would connect to hidden service

I would love to see the binary, even if it means waiting until vulnerabilities are patched.

At 20MB I would be suprised if it didn't patch itself with new exploits.

Hopefully the infected would not only patch but perform quarantines.