Vole went on its own to play cyber cop against the botnet and found itself in a PR nightmare after its actions resulted in shutting down hundreds of legitimate sites.
Microsoft has also identified at least another 4.7 million infected machines, though many are likely still controlled by the botnet.
The botnet has the most members in India, followed by Pakistan, Egypt, Brazil, Algeria and Mexico.
Richard Domingues Boscovich, assistant general counsel of the unit, said Microsoft would quickly provide government authorities and Internet service providers around the world with the IP addresses of infected machines so they can help users remove the viruses.
“Those victims are currently not aware they are infected,” Boscovich said in an interview.
Boscovich claims that the operation is the most successful of the 10 launched to date by Microsoft’s Digital Crimes Unit, based on the number of infected machines identified.
What Vole did was intercept traffic headed to servers at Reno, Nevada-based Vitalwerks Internet Solutions. Apparently, the criminals were using free accounts on its No-IP.com services.
But it did not go that well. Vitalwerks slammed the way Microsoft handled the operation, saying some 1.8 million of its users lost service for several days.
Microsoft has apologized, blaming “a technical error” for the disruption and saying service to customers has been restored.