Cloud computing offers tremendous promise for the future of computing. In the cloud you will be able to link together remote computing resources to achieve massive amounts of computing
without any of the capital infrastructure costs.
Interfacing with the cloud, you will be able to orchestrate thousands, perhaps even millions of CPUs and terabytes of storage from any
location with a simple management interface. Enormous scale, tremendous flexibility and all without any capital cost. Don't
dream – cloud computing is here today! There are between 5 million and 10 million CPUs that take part in the largest, most
flexible cloud computing infrastructure ever seen. We call them botnets.
During the whole Conficker drama in April, many were curious about the ultimate purpose or payload of Conficker: "But what is it going to do?" That's
a narrow view of these trojan/worm/bot systems, one that assumes they are a form of evil application. What's missed in these discussions
is that Conficker, like other botnets before it, is not an application but an infrastructure which can be "upgraded" to any
payload, application or purpose that the owners imagine. Better yet, botnets can be leased for temporary use. Spam today,
phishing tomorrow, who knows? Botnets do not have a purpose because they represent what we would call Infrastructure-as-a-Service
(IaaS).
Unlike a traditional IaaS service such as Amazon's EC2, the botnets are not flexible enough to load virtual machines (yet)
and they are built on top of stolen resources. They have brittle command-and-control structures that emphasize stealth over
redundancy. They have to keep fighting off hostile takeover attempts by other trojans and bots. But make no mistake about
it. The dark cloud of botnets is the biggest, baddest cloud computing infrastructure running on the Internet today.
The most worrying aspect of the dark cloud is that there is no longer a direct correlation between the command-and-control
application and the payload/purpose. It used to be clear that certain types of botnets were spam botnets, or phishing botnets.
But many new botnet clouds are built with upgrade and software distribution capabilities so they can morph. Botnet controllers
can upload new payloads to the existing botnet, or they can upgrade the core functions that provide the control channel or
propagation mechanism to evade attempts to shut them down.
Comments (1)
Excellent post with an important viewpoint
By rferrisx on June 11, 2009, 5:28 pm
Conficker means something more than just another worm. The detailed descriptions at SRI and The Honeynet Project make this clear. PC Security is at a type of crossroads...