Both Jart at HostExploit, and Pedro Bueno at McAfee, recently reported on botnets being used by the good guys, aswell as the bad. See;
The problem here, is that we've known for years that the bad guys were using them, and likely knew but didn't want to admit, that the good guys invariably used the same sort of tactics, to root out the bad guys. The problem is, as Jart asked, how are you supposed to tell the good from the bad?
Do you just look at the source systems, and target systems? Well no, that's not going to help you, as I found out recently, when sending a take down notice to 1 & 1 during an investigation into this, and was informed, that actually, the IP addresses had been hijacked by the good guys, for analysis purposes, or as he put it;
For a good guys bot to be successful, it needs to look and act, exactly the same as the bad guys bot. But this poses a huge problem, both from an ethical perspective, and a legal one.
There's several problems with the good guys using this method, and at least one of them is from a legal stand point. Thankfully I'm not a lawyer, so will leave the discussion on that one, to those more familiar with the laws regarding that than myself (as far as I'm concerned, good guys or bad, they have no right to access a system without authorization, which is what these are doing). One of the other problems is, there's no flag from the good guys bot, to enable us to identify them as good, and to be fair, we'd not believe such a flag even if there were one.