Probably has engineering challenges past what you would normally face, which thankfully makes a 1B device botnet a little unrealistic. I can't imagine how you'd even begin to control such a thing, just a sequential numerical list of the clients is 4GB. Scary prospect though.
Sprinkle in some AES and public / private keys for verification and you're done.
Sequential list isn't needed.
(well, all the robust & stealthy large systems engineering together with the low level exploit knowledge is probably a little too much for one person to pull it off, but for a Hacking Team or nation sized actor it's quite doable)
The bot can call home to ask if/when more infections are desired, so the attack can elastically adapt to remain viable and not overwhelm the resources it needs.
