There should be a way to exclude botnets...
For example, some kind of notification once a week that's hardcoded into the miner. Also, pools should only accept miners that have this notification feature (e.g. by checking the hash of the miner code).
At least, this would ensure that the pools are bot-free...
Further, the original Bitcoin client should have the same feature.
I know that this would only temporarily stop the botnetters, but at least it gives us time to invent a better solution to protect the real Bitcoiners from hordes of Bots.
My mining operation is currently affected by the botnet problem. Here is my understanding of what is being discussed on the BTCGuild pool thread.
A botnet consisting of thousands of nodes was configured by its operator to conduct CPU mining and used BTCGuild as the pool. These CPU mining workers earned a very low amount of coins each, but in total overwhelmed the pool servers operated by BTCGuild. As a result of analyzing the situation, the BTCGuild operator blacklisted the IP addresses of the CPU miners - no doubt affecting a few legitimate miners who do not care about inefficient mining.
The botnet operator, now denied his bitcoin earnings from BTCGuild, retaliated by performing a distributed denial-of-service attack against BTCGuild. In such a DDoS attack, each botnet node pretends to be a real pool mining client, but floods the victim server with an overwhelming number of fake requests - thus precluding access by the legitimate clients.
At the time of this post, BTCGuild is offline, and being enhanced to cope with this DDoS attack. Details can be obtained from the BTCGuild forum thread in the pool section.
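
An added example, not from the thread or from BTCGuild: one way a pool operator could tell the request flood described above apart from slow but honest CPU miners, by looking at per-IP request rate rather than blacklisting every low-yield address. The log format, the event names `getwork` and `share`, the thresholds and the addresses are all constructed assumptions.

```python
from collections import defaultdict, deque


def classify_clients(events, window=10, max_requests=20, min_requests=5):
    """Classify pool clients from (timestamp, ip, kind) events.

    kind is "getwork" (work request) or "share" (accepted share).
    Returns {ip: "flood" | "low_yield" | "ok"}.
    """
    recent = defaultdict(deque)   # ip -> work-request timestamps inside the window
    requests = defaultdict(int)   # ip -> total work requests
    shares = defaultdict(int)     # ip -> total accepted shares
    flooding = set()

    for ts, ip, kind in sorted(events):
        if kind == "share":
            shares[ip] += 1
            continue
        requests[ip] += 1
        q = recent[ip]
        q.append(ts)
        while q and q[0] <= ts - window:   # drop requests older than the window
            q.popleft()
        if len(q) > max_requests:          # sustained burst from one address
            flooding.add(ip)

    verdict = {}
    for ip in requests.keys() | shares.keys():
        if ip in flooding:
            verdict[ip] = "flood"          # candidate for rate limiting
        elif requests[ip] >= min_requests and shares[ip] == 0:
            verdict[ip] = "low_yield"      # slow miner: costs load, but not a flood
        else:
            verdict[ip] = "ok"
    return verdict


def sample_events():
    """Constructed sample log using documentation-range IP addresses."""
    ev = []
    for t in range(0, 120, 5):     # GPU miner: work every 5 s, one share each
        ev += [(t, "198.51.100.7", "getwork"), (t + 4, "198.51.100.7", "share")]
    for t in range(0, 120, 10):    # slow CPU miner: modest rate, no share yet
        ev.append((t, "203.0.113.20", "getwork"))
    for i in range(300):           # flooding node: 300 requests in 30 s
        ev.append((i * 0.1, "192.0.2.99", "getwork"))
    return ev


if __name__ == "__main__":
    for ip, label in sorted(classify_clients(sample_events()).items()):
        print(ip, label)
```
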