What I think is missing from the discussion of the exploitability of the OpenSSH bug: yes, it takes forever to exploit against a single host. But you're mostly waiting for a timeout, so you can massively parallelize across internet targets without really needing a botnet.
It's best to assume that this - and not targeted exploitation - is going to be the initial approach.
It probably doesn't matter that you're not a "priority" target, and it might not matter that the exploit is slow and unreliable if you just get unlucky early on.