The Register has an interesting little piece this morning on the current state of the Conficker botnet.
http://www.theregister.co.uk/2015/08/18/antib … hating_pirates/

Jumping to a punchline in the research PDF:

Correlating Decay Rate […]
Show full quote

Correlating Decay Rate

Although decay rates are less dispersed than peak
heights, there are still noticeable differences among
countries. Given the rather slow cleanup rates — the me-
dian of 0.009 translates to a 37% decrease in the number
of bots after one year — one hypothesis that comes to
mind is that perhaps some of the cleanup is being driven
by users upgrading their OS’s (to say Windows 7), or
buying a new computer and disposing of the old fully.

For each country we estimated the decay rate of the
market share of Windows XP and Vista from January
2011 to June 2013 using the StatCounter GlobalStats
data. Figure 11 shows these decay rates versus Conficker
decay rates. There is a weak correlation among the two,
with a Spearman correlation coefficient of 0.26.

But more interesting and somewhat surprising is that
in many countries, the Conficker botnet shrank at a
slower pace than the market share of Windows XP / Vista
(all countries below and to the right of the dashed line).
Basically this means that the users infected with Con-
ficker are less likely to upgrade their computers then the
average consumer.

Quick refresh ref for Conficker:
https://en.wikipedia.org/wiki/Conficker

The first variant of Conficker, discovered in early November 2008, propagated through the Internet by exploiting a vulnerability in a network service (MS08-067) on Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 Beta. ... A second variant of the virus, discovered in December 2008, added the ability to propagate over LANs through removable media and network shares.