Interpol has led an operation with technology companies to disrupt the Simda botnet, which is thought to have infected more than 770,000 computers worldwide.
In a coordinated series of actions last Thursday, 10 command and control servers were seized in the Netherlands, with other servers taken down in the US, Russia, Luxembourg and Poland.
The action was coordinated from the new Internet Digital Crime Centre in Singapore, which worked with Microsoft, Kaspersky Lab, Trend Micro and Japan’s Cyber Defense Institute.
The move came after Microsoft’s Digital Crimes Unit shared analysis that found a sharp increase in Simda infections around the world.
Interpol said in the first two months of 2015, 90,000 new infections were detected in the US alone. The Simda botnet had been seen in more than 190 countries, with the worst affected including the US, UK, Turkey, Canada and Russia.
Simda is a classic "pay-per-install" system whose operators generated income by selling access to the botnet to other criminals who used it to install their own malware.
Its primary functionalities are to re-route internet traffic and to distribute and install additional software packages or modules.
Interpol said Simda had been increasingly refined to exploit any vulnerability, with new and more difficult-to-detect versions being generated and distributed every few hours.
Kaspersky's Vitaly Kamluk outlined the "hide and seek" nature of Simda, describing the bot as "mysterious because it rarely appears on our KSN radars despite compromising a large number of hosts every day."
Kaspersky has launched a free service.