Forum Moderators: open
"The operation involves arrests and searches in five countries," representatives of the FBI and US Department of Justice said in a joint statement issued today. "More than 50 Avalanche servers worldwide were taken offline." Phishing Botnet Taken Down and 800,000 Domains Seized [arstechnica.com]
Individual nodes within the botnet are registered and then quickly de-registered as the host associated with a Domain Name Service A address record for a single DNS name The destination addresses for a DNS record often change as quickly as once every 5 minutes, and can cycle through hundreds or thousands of IP addresses.
No-one notices if they were running their own name servers. And with 221 servers they had the backbone to do it.