...any control message it receives to a known port on any computers it can find...
That's something the original article doesn't mention: Is the listening port on an infected computer static or not? If it's static, then a simple, and therefore quick, nmap scan of an IP space will reveal possible infected hosts on a network. You'd need to do further investigation to weed out the false positives, but it shouldn't be too hard to come up with a fingerprinting query to further narrow it down. Depended on how well it's set up, just looking for nginx Web servers may be enough to get a good idea of infected machines.
If it's random, then look for port scans coming from infected machines. Still would be some false positives, but you can narrow down the list fairly quickly.
If the listening port changes daily, hourly, etc. based on a formula, then you'll need to reverse the formula. And it would have to be based on a formula for the other nodes to find it without the noise of a port scan. But once you do reverse it, then you're effectively back to the static port scenario.