Back in October, the Dutch police arrested three people who created a large botnet and used it to extort money from U.S. companies. When the trio was arrested, authorities said that the botnet consisted of about 100,000 computers. The actual number was 1.5 million computers.
And I’ve heard reports from reputable sources that the actual actual number was “significantly higher.”
And it may still be growing. The bots continually scan the network and try to infect other machines. They do this autonomously, even after the command and control node was shut down. Since most of those 1.5 million machines — or however many there are — still have the botnet software running on them, it’s reasonable to believe that the botnet is still growing.