Ars technica has posted an article about a recent University of California Santa Barbara paper on findings after hijacking the Torpig botnet for 10 days. The headline is 56,000 passwords in an hour. The botnet (research) users were also able to gather 70GB of data.
The goal of this particular botnet (and probably most of them) is to gather financial information. "In just ten days, Torpig apparently obtained credentials of 8,310 accounts at 410 financial institutions..."
Concerned that you may be a target? "The researchers concluded that victims of botnets are usually those with poorly maintained machines and who choose 'easily guessable' passwords."
I've posted many blogs on how to improve your security. Some of the basics I know people are still not getting include an up-to-date virus scanner. Those bundled, out-of-date virus scanners from McAfee and Norton have mislead many consumers. This does not have to be difficult! Go to Avast and get their free home edition. Of course if your machine is already compromised, you're going to have to start all over with a fresh install of the OS.