Is is possible the blocks where actually found by bots at the given time and where actually distributed among the p2p network of the botnet. Maybe the node/server that bridges botnet-p2p to bitcoin-exit-node was down and coincidentally not many blocks where found real bitcoin network so the longest chain could taken over by publishing these blocks when that bridge node came back up? Does this make sense at all?
The way I understand it yes sure.
However this is still becoming a real worry for users who'll end up facing unreasonable transaction times compared with the norm and will cause worries about the fundamental architecture of the network and its underlying code.
What's the norm? It is generally suggested to accept transaction at 6 confirmations. It is also generally known a secure tx can easily take longer than 1 hour.
Personally I don't give a toss about who's actually doing the mining even though botnets (if this is one) raise "moral" issues. However not including transactions in the blockchain is just plain fucked up.
Maybe a patch or something similar to reject this type of blocks ought to be included in the code as it's A slowing down the system and B apparently also destroying legitimate work, which is in no ones legitimate interest.
This has been discussed: It can not be done in a safe way, afaik. The problem is identifying such "illegitimate" blocks. There are legitimate 1-tx-blocks (eligius is mining them every day, as luke says). The grey data-series in my chart above reflects possibly legitimate 1-tx-blocks.
Some people may start screaming "this is the wild west and we don't want no stinking "regulations"" just think of it as going to a gun fight you can only bring a .22 while several of the other parties arrive carrying assault weapons. All I'm asking for here is that everybody gets to buy a nice piece of whoopass and bring it along if they are so inclined.
* molecular arming with whoopass