"Botnet operators, such as those behind Koobface, do make mistakes," said Nart Villeneuve, chief research officer for SecDev, who led the research project.
"Information sharing and persistent monitoring can uncover the details of botnet operations. Therefore, it is important that the law enforcement and security community continue to share information and work closely together," he said in a blog.
Koobface has used social networks to spread and is known to be one of the most sophisticated pieces of malware circulating the web today.
The masterminds behind Koobface, also known as Ali Baba and 40 LLC, used it to send messages containing malicious links over the likes of Facebook.
The links took victims to fake YouTube pages where they were encouraged to download malware with temptations such as a software upgrade.
Koobface was running through a massive number of accounts, including 500,000 fake Google blogger and Gmail accounts set up by the botnet. Typically botnets will use infected machines to set up these fake accounts.
A total of 20,000 fake Facebook accounts were also used by Koobface - itself an anagram of Facebook - to spread the malicious messages.
Both Google and Facebook have been contacted by the researchers, who informed the tech giants about a number of fraudulent accounts.
Last month, researchers discovered a Mac version the Koobface worm for the first time.
