The Mariposa botnet, at its peak, is believed to have had as many as 800,000 victims, before it was taken down starting in late 2009. It was also a blueprint for failure.
Failure #1: The reason it was taken down is because the people behind it used real names when registering domains. This made it relatively easy for police to track down who was behind it.
Failure #2: Once the takedown was in process, Netkario furiously tried to regain control of the botnet. In the process of doing this, he connected to the command and control server without using a VPN or proxy, revealing his actual IP. This made it even easier to track him down.
Failure #3: Once being busted for operating this botnet, Netkario and others involved with Mariposa actually tried to get jobs with AV vendor Panda Security, becoming abusive towards them once Panda indicated that they weren’t interested in employing them because of their histories.