Are you aware of Dave Dittrich's work at University of Washington? He wrote a nice overview on secured P2P C&C networks in Storm and Nugache that you might find interesting:
I cited one of his papers actually, I didn't know that site with all his works existed though. Thanks for the link, I'll read some more of his writings.
It seems that even DHT based botnets need to hard code initial peers. Using the Bitcoin network eliminates this completely (now you need just need Bitcoin's bootstrap nodes).