Via http://arstechnica.com/security/2016/12/legal-raids-in-five-countries-seize-... "A botnet that has served up phishing attacks and at least 17 different malware families to victims for much of this decade has been taken down in a coordinated effort by an international group of law enforcement agencies and security firms. Law enforcement officials seized command and control servers and took control of more than 800,000 Internet domains used by the botnet, dubbed "Avalanche," which has been in operation in some form since at least late 2009." The Avalanche network used a method called Double Fast Flux to rapidly change (like every 5 mins) the IP address and nameservers used to resolve the domains requested by infected machines - the domains requested were either hardcoded in the malware on the infected machines or created by a Domain Generation Algorithm in the malware that generated thousands of domain names every day for the malware to attempt to reach. Europol has an infographic : https://www.europol.europa.eu/publications-documents/operation-avalanche-inf... The SSAC published an advisory on Fast Flux Hosting https://www.icann.org/en/system/files/files/sac-025-en.pdf Dev Anand