Botnets in Action
eWeek's coverage of "Is the Botnet Battle Already Lost?" includes a slide show of a live botnet IRC session. To understand what is occurring, read the text under each screenshot.
In December 2005, CERT published an excellent whitepaper, "Botnets as a Vehicle for Online Crime."
... much of the functionality and activities of the attacker community are driven by the desire for financial gain. The ultimate goal of the attackers is to use their ill-gotten information and capacity to generate cash in the physical world. Examples of this include deposits from DDoS extortion, payments from spamming, cashing out bank accounts and credit cards, purchasing goods with stolen credit card information, identity theft, and the sale of fake identification documents. As the money generated from these activities is transferred between accounts and moved through cashiers to ultimately end up in the hands of the attackers, law enforcement may be able to follow the money trail and locate the attackers responsible.
As my good friend Richard Stiennon, Chief Research Analyst at IT-Harvest, says:
I was never a great fan of the method of tracking down control servers and shutting them down. That is a non-technical response to a technical attack. The defense has to come from the network. Even that is becoming very hard to do.
See also How "McBots" Will Control the Internet and Botnets and Anti-Social Communities.