Taking over Torpig
In early 2009, a bunch of folks at UCSB took over the Torpig botnet for ten days. In that time, they observed more that 180,000 infections and recorded over 70G of data that the botnet captured. During that time, over 8,000 accounts at financial institutions were “acquired”.
The report is available online [pdf]