Sometimes in IT things are hard to explain and when I get a good short explanation its sometimes worth sharing. This is from the Sophos antivirus guys:
[A botnet is a collection of] malware-infected computers, individually referred to as bots or zombies, that can be controlled remotely by criminals known as bot-herders or botmasters.
As well as stealing information such as banking passwords from each computer in the botnet, the crooks can also send commands to all the computers in the botnet at the same time, essentially giving them a huge distributed "network cloud" of computing resources.
Botnets can therefore be used to send massive quantities of spam (including spam runs containing email attachments with more malware), to clock up huge numbers of fraudulent but legitimate-looking ad clicks, to carry out online attacks, and more.
Attacks of this sort are hard to block because they originate simultaneously from thousands of innocent-looking computers, so there isn't a single, obvious source of criminality.