According to a statement from the Royal Canadian Mounted Police (RCMP), the botnet allowed the suspect to remotely log into the computers of private individuals and legitimate businesses.
He was then able to log keystrokes, copy computer files for the purpose of stealing the identity of users, visualise and record users' webcam images, spread malware, and send out spam messages.
All this was done without users' knowledge says the RCMP.
"While the botnet was mainly concentrated in Quebec, the investigation revealed that it also took control of servers located in Russia, the Arab Emirates, France and the United States", says the police statement.
Many more computers, says the RCMP, including some at the suspect's employer's premises - where he was in charge of computer security - were infected to allow the hacker to commit computer crimes.
The investigation that led to charges against Joseph Mercier was initiated in December 2010.
According to the police, a number of searches have been conducted in this case to date. These searches were carried out at a victim's home, at the suspect's home, and at his employer's premises.
During the investigation, the RCMP obtained the collaboration of the Longueil and Quebec City police services.
Mercier has been charged with unauthorised use of computers under section 342 of the Criminal Code.
The Montreal Gazette reports that Mercier infiltrated computers owned by both citizens and businesses.
"We want to remind people to install anti-virus software that is up to date on their computers. It might not be 100% reliable for all viruses but it's always good to have. People also have to be careful when they open an email or a weblink without knowing who or where it comes from", said Cpl. Charles Vallee, a spokesman for the RCMP, told the newswire.
Vallee went on to say the police arrested Mercier before determining exactly how much damage he had caused, and to make sure he would not infect any other computers in the meantime.
"It's very hard for a victim to realise that it's happening in their computer. Most people don't know until they get a phone call from police", he explained.