Netcraft has this report Netcraft: Honeynet: At Least 1 Million Machines in use as Botnets.
Know your Enemy: Tracking Botnets paints a scary picture. With one botnet reaching more than 50,000 compromised machines, the potential damage both to the owners of these machines and to the internet at large if these numbers are right could be huge - defending against things like distributed denial of service attacks is hard enough for well established internet companies - smaller players could be crushed easily.
The size of these botnets also open up the possibility at massively distributed harvesting of personal details such as credit card numbers.