No need for funky exploits. You simply write a script that pwns the machine (download and install TeamViewer or a keystroke logger if you are real l33t) and claim that it is actually an AD or WSUS maintenance script and slap it on a blog somewhere. It'll be copied and pasted straight into the console so many times without question, you'll have a botnet in no time. Now I don't have to learn PowerShell to do this - I can use my long honed unix sysadmin script writing skills.
Sadly, I'm only half joking ... probably