I have a theory that since the NSA and other three letter agencies monitor the tubes for evidence of unniceness, they must be able to filter out all the noise to concentrate on the meat of the matter. They must recognize patterns, and this leads to the conclusion that they must be quite aware of botnets and their command and control structures.
Why, then, don't they shut them down and rid the net of all the spam? (My own domain varies from 500:1 to 1000:1 spam:real email, where spam means nonexistent accounts, not counting the various blue pill adverts.) I can only conclude that they want to leave them in place; in the event of an attack on the US portion of the tubes, or whatever is the trigger, they can instantly recruit the botnets for their own NSA purposes.
I call this my Giles theory in honor of a friend who was really good at plausible conspiracy theories that could not be dismissed out of hand like the knee slapper that Obama is not a US citizen. My favorite of his was that Microsoft was deliberately faking evidence, lying, etc, at their anti-trust trial because Bill Gates wanted to lose and have the feds take over control of Windows so that when the Y2K feces hit the fan, he could wash his hands of it and point to the feds as responsible. "My hands are tied" was what he expected Bill Gates to be ready to say.