Slashdot links to a Network World piece that covers a presentation at Cloud Connect that cites some pretty impressive numbers and explains how a typically botnet actually fits the taxonomy of a cloud service provider.
While it is true that botnets are often rented out for nefarious purposes, I think there are still telling differences. I doubt botnets have to hit certain uptime and other reliability targets. I suspect they achieve whatever agreed upon goal through sheer brute force, an option not open to any but the likes of Google and maybe Amazon.
Still, it is a useful reminder that criminal activities are as hungry for computing cycles as legitimate innovations and far less scrupulous about how they acquire it.