Found this article about honeypots and zombie wars interesting:
Fake “zombie” computer spies are infiltrating zombie networks and recording online exchanges between the networks and their human commanders.
The fake zombies are deployed by members of the German Honeynet Project, which started collecting data on zombie armies in November 2004 and released the first paper detailing how to spy on zombie networks on Monday.
“With the help of honeynets we can observe the people who run botnets – a task that is difficult using other techniques,” says Thorsten Holz, a researcher at the RWTH-Aachen University, Germany, and founder of the German Honeynet Project.
Zombies are ordinary PCs infected with a piece of malicious code – known as a bot – that instructs the PC to secretly log onto an online chat room and obey the instructions issued by the chat room’s controller. The bot may have been deposited into the computer by a virus such as SoBig or MyDoom, downloaded from a bogus website or inserted by a hacker directly.
Holz’s fake zombies have enabled him to spy on over 100 different botnets, some comprised of up to 50,000 zombie computers – PCs under the control of hackers. But he has noticed a new trend towards groups of smaller botnets, all controlled by the same person. This is probably an attempt to make botnets more difficult to infiltrate by distributing their control over multiple servers
More at the link: Spies infiltrate zombie computer networks