But, according to FireEye's Atif Mushtaq, they haven't succeeded in taking down all of them, and of the remaining nine of one particular botnet, three (isdfsrttyqza.c0m.li, mylemain.com and stockli.us) are still active and sending out commands to zombie computers.
Mushtaq says that it is no wonder, as this particular Zeus variant is known for rapidly changing its C&C servers.
Two of the servers still out of reach of Microsoft are no longer resolving to an IP address, and four have been abandoned.
"I am not sure why the MS Digital Crime Unit has not been able to sinkhole all the C&C domains," he says. "Their main concern should be the three active domains. Without these domains completely destroyed, this botnet can not be officially declared as dead."
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.