Well if it's a lie that's a shame because the threat is still real and now people won't be motivated to fix it.
They've uncovered more than one botnet with hundreds of thousands of machines involved and anyone can do the math that the average residential user probably has 1-3mbps upload, some burstable to 10mb or so, and servers tend to be in 10mbps or 100mbps varieties, so multiply those by thousands, tens of thousands, hundreds of thousands and you have something seriously potent on your hands.
FWIW, why nobody has alarm software for home machines to detect and isolate apps that spikes outbound data, doing spam or DDoS, like servers do is beyond me because it wouldn't take a very complicated piece of software to easily defeat a botnet program in your PC or even better yet, a little smarts in the router or cable modem could easily do the same thing.
Oh well, everyone just sits on their hands and does nothing.
Years ago I'd have been working night and day to solve such problems but if some big company like MS and the Linux guys can't or won't fix it, c'est la vie.