Microsoft's digital crimes unit teamed with Europol's European cybercrime centre, the FBI and tech industry allies to tackle a "Sirefef botnet" that commandeers search results and routes queries to websites rigged to infect computers with malicious code, steal information or make money from bogus online ad "clicks."
The botnet, or network of machines infected with a virus that lets hackers take command, is also referred to as ZeroAccess and is believed to have spread across nearly two million computers around the world.
Microsoft estimated the bogus online ad billing and stolen traffic cost advertisers about $2.7 million monthly.
"ZeroAccess targets all major search engines and browsers, including Google, Bing and Yahoo," Microsoft digital crimes unit assistant general counsel Richard Domingues Boscovich said in a blog post.
"ZeroAccess is one of the most robust and durable botnets in operation today, and was built to be resilient to disruption efforts, relying on a peer-to-peer infrastructure that allows cybercriminals to remotely control the botnet from tens of thousands of different computers," he continued.
People's computers typically become infected with ZeroAccess as a result of visiting websites booby-trapped with the malicious software, he said.
Due to the sophistication of the hacker network, Microsoft expected the legal and technical actions taken would significantly disrupt the operation but not wipe it out.
Efforts are being made to get word to people whose computers are infected, and Microsoft is providing virus removal information online at support.microsoft.com/botnets.