A lot of hashing power is coming from botnets
I honestly don't think so, maybe back when CPU mining was the thing, but now they'd have to infect people with certain model's of ATI GPU's or mining FPGA's to amount to any amount of hashing power.
Remember that botnet operators don't pay for electricity. So if a 10000 nodes botnet is idle, better make it generate 10GH/s (assuming 1MH/s for each host with a stealth mining mode not using all the CPU power) than sit doing nothing.