The Koobface worm, which targets social networking sites, can double the number of command and control (C&C) servers in 48 hours, says security firm Kaspersky Lab.
The increase is mainly in the US, where more than half of the Koobface C&C servers are hosted.
Recent activity indicates that cybercriminals are constantly monitoring their infrastructure status to ensure they do not lose control over the botnet, said Stefan Tanase, researcher at Kaspersky Lab.
"When the number of active C&C servers drops to a critical level, they seem to be ready to implement dozens of new ones," he said.
The Koobface gang appears to prefer keeping at least 100 C&C servers online, distributed across the globe and across different ISPs to make the take-down process harder, said Tanase, although most are currently in the US.
Guidelines for defence against Koobface
• Be cautious when opening links in suspicious messages, even if the sender is one of your trusted Facebook friends.
• Use an up-to-date browser, such as Firefox 3.x, Internet Explorer 8, Google Chrome or Opera 10.
• Divulge as little personal information as possible.
• Keep your anti-virus software updated to protect against new versions of malware.