http://www.informationweek.com/news/security/vulnerabilities/231600904?printer_friendly=this-page
"... What happens after a unique PC has been infected and pressed into botnet service? Botmasters might push new malware. They might also activate or download keystroke loggers that harvest sensitive data, including bank account numbers and passwords, from the infected PC. Likewise, the infected computer can be turned into a spam relay, or used to launch distributed denial-of-service attacks against targeted websites..."
https://secure.wikimedia.org/wikipedia/en/wiki/Botnet#Recruitment
"... Computers are recruited into a botnet by running malicious software. This may be achieved by a drive-by-download exploiting web browser vulnerabilities, or by tricking the user into running a Trojan horse program, possibly in an email attachment... Botnets are exploited for various purposes, including denial-of-service attacks, creation or misuse of SMTP mail relays for SPAM, click fraud, spamdexing and the theft of application serial numbers, login IDs, and financial information such as credit card numbers..."
http://asert.arbornetworks.com/2010/12/the-internet-goes-to-war/
"... most DDoS* continue to rely on brute force flooding to exhaust link capacity or overwhelm load balancer, firewall and web server state... massive botnets and increasingly sophisticated attack tools poses a real danger to the network and our increasing dependence on the Internet."
Pandemic on the Web ...