Microsoft just released the 9th volume (Jan - June 2010) of its Security Intelligence Report (SIR), which, for this edition, focuses on botnets and their role in the malware landscape. The report also includes some defense strategies against botnets.
Bots, like other malware, are spread through gaps in security policies, exploiting security vulnerabilities and through social engineering tactics. The report recommends that both offensive and defensive tactics be used to protect organizations and individuals from botnet threats:
"Botnet detection using static and behavioral analyses and defense tactics such as honeypots and darknets are important aspects of the fight against botnets."
Some key findings from the report:
The report is now available in a fantastic web format, so it's very easy to browse through without needing to download. Check it out here and be sure to read the section on mitigating security breaches here. For more lovely stats, also be sure to check out the Q3 threat report from Sophos.