Unmeasurable?
Well we can't know the extent but we can know it is large.
From network logs we can say there are many machines sending spam and denial of service attacks without users knowing and often from corporate networks. I see them on my tiny network every day. This is also why a few stupidly run mail servers block emails from dsl connections rather than checking for mx records and networks with mail servers and Windows machines are advised to block outgoing port 25 connections.
All of these machines could be used to grab banking details but then you would find out and maybe they would wait atleast 6 months to get spam or encryption key processing first anyway.
In other words they may well use the lower hanging fruit to go after bigger fruit, i.e. attacks during Denial of service attacks from all of these compromised machines.
