F-Secure has some very interesting data they compiled after infiltrating a Downadup botnet. At the same time, Chandler Howell at Not Bad for a Cubicle points to an article about a Storm worm/botnet infiltration. Both research groups toy with the idea of downloading their own 'cleaning' software but reject it due to ethical concerns.
If this sounds a lot like the Nematode and benevolent worm discussions of days gone by, you are right. But I think benevolent botnets are slightly different and worth evaluating on their own. They are kind of like an inverted honeypot.
The big difference is the architecture. Rather than a peer-to-peer type model where one client seeks out another, a benevolent botnet impersonates a command and control server and sits passively waiting for connections. Of course, the obvious thing to do for a connection (if you are benevolent) is to download a fix, which puts us right back to intrusive behavior and a definite problem.
But what else could you do if you were contacted by an infected client? The most obvious thing that comes to mind is to notify a different good guy of the infection and allow, say, an automatic update server (patch, av, whatever) to communicate with the infected client in an appropriate way.
It could be none of this matters, because the bigger risk is probably that the benevolent entity is falsely accused of having planted the bot to begin with…