Some 450,000 hijacked computers have been used to send phishing scams in a large scale "sextortion" campaign, with victims receiving emails threatening to release compromising photos of recipients unless they cough up $800 in Bitcoin.
The campaign using botnets to target more than 27 million victims at a rate of 30,000 per hour with their own personal information, supposedly taken from previous data breaches.
There is a suggestion that only a small number have opened the emails, but researchers believe botnets still offered a great "return on investment" for hackers.
"A botnet can be used for many, many things," said Charles Henderson, from IBM's X-Force Red security team, according to the BBC. "This was just one task assigned to it."
A botnet is a network of computers that have been compromised by hackers, usually by malware spread via infected webpages of malicious email attachments. They can quickly send out and spread attacks across a wide number of machines and mask hackers tracks.
So far, the closest anyone has come to finding the culprits is through security firm Check Point, which monitored one of the Bitcoin wallets being used to collect funds from the scam.
In other sexploitation news, more than 300 people have been arrested after the world's "largest dark web child porn marketplace" was shut down by UK investigators.
The site had more than 200,000 videos, all of which had been downloaded more than a million times, but was taken down last year after a UK investigation into a child sex offender led to its existence.
Although it had been shut down a year ago, officials revealed on Wednesday that 337 suspects had been arrested in 38 countries with US authorities unsealing nine indictments against the site's owner, Jong Woo Son, a 23-year-old man from South Korea, according to TechCrunch.
The UK's National Crime Agency has revealed the arrests were made in the UK, Ireland, America, South Korea, Germany, Spain, Saudi Arabia, the United Arab Emirates, the Czech Republic and Canada - as well as many more.
