$2m-a-year Koobface network downed after concerted international effort

The investigation culminated in the closure of the C&C servers by UK ISP Coreix on Friday. According to an in-depth report by a team of specialists from Information Warfare Monitor, the annual revenue generated by the cybercriminals - who are thought to be based in Russia - was split roughly evenly between scareware/fake antivirus software and mis-routed advertising (click fraud) on search engines.

As reported previously, the Koobface worm was discovered in December 2008 and has undergone many changes since. Its name is an anagram of Facebook, and Koobface's success rests on the fact that Facebook has in excess of half a billion users worldwide, which gives the fraudsters tapping into the worm a very large pool of computers to infect.

According to security researcher Nart Villeneuve and his team's report, "thousands of compromised computers networked together with an invisible tether controlled by a few individuals can be employed to extract pennies from unsuspecting victims, as it was with Koobface, or sensitive national security documents from government agencies, as it was with GhostNet and Shadows."

And, says the report, criminal networks are growing as fast as the social networking platforms upon which they parasitically feed.

Koobface, notes the report, is just one example of an entire ecosystem that threatens to put at risk the very entity on which it depends - a free and open cyberspace.

Against this backdrop, Villeneuve and his team say that the problem of how to clean up and control cyberspace - without undermining the positive characteristics of social networking we have all come to enjoy - is a major challenge.

A weekend report in the Financial Times notes that Koobface generally spreads when an infected machine uses the victim's social network accounts to send messages to their friends, urging them to watch a video.
"The link usually asks the message recipient to download a program in order to watch; that program is actually Koobface", says the FT.

Villeneuve and his team are reported to have discovered the mobile numbers of four of the Koobface botnet gang's members, and turned over their results to the authorities in Canada.

Infosecurity's sources suggest that the FBI and the Metropolitan Police's cybercrime unit were also involved in the investigation, which remains ongoing.

Villeneuve is quoted as saying that poor international co-operation and the small sums involved in each fraud meant that prosecution was unlikely in the case.

In the report's conclusions, the Canadian team says that, by compromising users, Koobface was able to monetise the criminals' operation through affiliate programs with pay-per-click (PPC) and pay-per-install (PPI) brokers.

"Through a combination of click fraud and the propagation of rogue security software, Koobface was able to generate over $2 million between June 2009 and June 2010", notes the report.

And, the report's conclusion goes on to say, just as the botnet operators diversify their operations across multiple affiliate programs, it is likely that each affiliate also has multiple botnet clients that propagate malicious software or advertising links.

"This provides a layer of redundancy within the malware ecosystem and allows botnet operators to continue monetising their operations even if some partnerka programs are disrupted. This makes efforts to counter botnet operations difficult", the report says.
