Finn said:
Now, that can also be done with the help of almost any peer-to-peer software. After all, IRC doesn't control the bots directly, but is simply used as a channel to slide the malicious piece of code into a noncautious user's hard disk.
But you're generally true, it is a problem for anyone without proper protection.
Then again, there are plenty of websites that are.
Actually the IRC channel is used to command and control the bots directly. The bots automatically connect to the channel to get their orders. The Botnet commander types in comands like .ddos.syn directly into his IRC client and they execute. IRC presents a centralized structure for command and control and that's what makes it pretty weak, that's why botnets have appeared on P2P which is completly decentralized (using GNUtella clients and the WASTE protocol for Phatbot for example). IRC is still much more commonly used expecially considering it is now possible to use dynamic DNS services to change the control center if a suspicious IRC server admin shuts down the channel.
As for infecting machines with malicious code, bots use traditional methodes, they scan the ports of entire networks looking for backdoors and vulnerabilities. Once they identify a vulnerable machine, they do their best to "get root" (using for example an SQL query after exploiting the mssql or mysql port) in order to execute for example a TFTP command that will download the bot onto the machine and execute it.
So...for those who use WindowsXP, it's time to upgrade to SP2 and turn ON the firewall. Because a Windows XP SP1 that connects to the internet is infected by a bot within minutes. And most bots use rootkit technologies which makes them invisible to the system and antivirus.
On a side note most bots are open-source and freely available under a GPL licence...