Finjan uncovers one of world's largest botnets

The business internet security vendor says that the botnet has been operational since February.

Hosted in the Ukraine, the swarm is reportedly being controlled by a gang of six people who are instructing infected Windows XP-based machines to copy files, record keystrokes, send spam, and take screenshots.

Reports suggest that the Ukrainian gang has compromised computers in 77 government-owned domains around the world, although around half of the infected PCs are located in the US.

According to Finjan, almost 80% of infected systems are running Internet Explorer, while 15% are using Mozilla Firefox.

Since the discovery of its findings, the company says it has provided UK and US law enforcement with information about the botnet server.

Yuval Ben-Itzhak, Finjan's chief technology officer, says that, as the company predicted at the end of last year, cybercriminals keep on looking for improved methods to distribute their malware, and Trojans are winning the race.

The sophistication of the malware and the staggering number of infected computers prove that cybergangs are raising the bar, he says, adding that, as big money drives today's cybercrime activities, organisations and corporations need to protect their valuable data to prevent theft by these kinds of sophisticated cyberattacks.

Screenshots and examples taken from the command and control server can be found in Finjan's MCRC blog post.

 
