Botnets are networks of malware-infected machines controlled remotely. This document analyzes a takeover of the Torpig botnet. It describes how botnets use command and control channels like IRC to issue commands. The Mebroot rootkit was spread via drive-by downloads on websites and used to take over machines. The botnet authors registered domain names to use for command and control but researchers took over after observing the domain algorithm and were able to run the botnet for 10 days. Analyzing the botnet traffic showed the true size was much smaller than estimated by IP addresses alone. Better security practices and education are needed to address the cultural problems that enable these botnets.