Yes, that botnet dig is bullshit. Some botnets use Tor for C&C. But jerks don't need botnets to have lots of Tor exits. That's what VMs are for. Botnets give you lots of residential IPs.
Let's say that I have a box with a couple quad-core Xeons and 64GB RAM, and a 100Mbps uplink. I can easily run 150-200 Debian VMs, each running one or more tor processes.
Ah right, didn't think about running several Tor instances in VMs. I'm sure there are better ways to run Tor from VMs though, if you know how the protocol works just run instances of some program that runs it instead of running the whole thing in a VM.
Sure. You can also run many tor processes. Or you can use light virtualization, so there's not much overhead. But the point is that it's easy to create lots of Tor instances. Much easier than building a botnet.
