Not true, when the botnet first got noticed and moved to another pool we were able to see it and exactly how many comps were hitting and how much hash power. it was surprisginly high hash for the number of comps. I do not have the info recroded down to verify so one of the pool ops would have to report, but there is a grph I'm willing to bet someone still has that showed the number of zombies hashing and what their rate was. Believe it was something on the order of 60Ghash and only a few thousand comps.......
which would probably be considered a small botnet. to back you up, the problem is not that each computer is only offering a small amount of computing power, the real problem is when they are aggregated together. 10/100s of thousands of small machines could potentially make up a large percentage of a pool. when you consider the fact that who ever is running the botnet is pulling in btc while not paying for any of resources (except software costs) for those machines and requiring only a small amount of manually effort, its looks like a very lucrative venture to point those machines at a mining pool. i have no doubts that they will get better and better about masking themselves: load balancing pools, randomly disconnecting to look like a normal user, multiple withdrawal addresses, etc. Or just flat out running their own pool -- not much could stop them.
cheers, m8. Glad you understood my not so carefully drawn out thought there. My main point being the amount of hash power from such a small botnet. The usual assumption I have seen echoed here is that botnets would produce much lower hash per zombie than what was seen from the recent one. Scale it up and it = scary shit.