So first, someone will have to take the source code AND compile a version that will remain hidden AND produce bogus blocks AND be able to be remotely controlled AND be able to restart itself after a system reboot/shutdown AND coordinate this properly to have *all* bots online at the same time AND be able to funnel those fake blocks to a central fake client AND be compile another client that will accept those fake blocks AND it will have to be setup to only work as private/local nodes AND you'll need another compile for a client that will connect to the public network AND the fake network to start loading up the fake blocks AND, AND, AND...
Huh? Are these things supposed to be difficult? You make it sound like it would take years of development to do this. I've developed software for 10+ years, and in my estimation it'd take a skilled programmer perhaps a month or two to do this from scratch. Possibly much less. Anyone that has created botnets has already created the remote control libraries, so that's just a matter of linking them in.
Someone else mentioned a botnet hearder not wanting individual nodes to be discovered because of the CPU usage. Well, most people don't EVER bring up a CPU usage meter, so the risks of that are minimal. If you REALLY cared about that sort of thing, just stick in some code to shut down the usage whenever you detect keyboard/mouse activity.
These are not difficult problems to solve at all.
Are these things suppose to be easy? People don't operate botnets because they are hard, but because it makes them money for the amount effort they are going to put into it. I read in the news from time to time about botnet operators getting busted. They weren't doing it for the *rush* of the challenge, but to make a living.
2 months of dev work is like not getting paid for 2 months. The investment would have to be worth it to someone with that much free time. Plus there is a movement out there to root out botnets. So all your work could go up in a electron should someone shut you down or wipe our/take control of your botnet.
Risk vs Reward, right now there really isn't a reward for a Botnet operator.