FireEye has watched Grum since 2008, when it was only the seventh or eighth largest spam botnet. Since then, larger botnets, such as Kelihos, Rustock and Zeus, have been taken down, so Grum has climbed up the charts.

Over the last few years, the tech industry has become more aggressive in battling botnets. In March, Microsoft won court permission to , which cybercriminals used to steal $100 million over five years.

Most of the money came through stealing online banking and e-commerce credentials. Microsoft also was involved in the takedown of servers in the Kelihos, Rustock and Waledac botnets.

The amount of spam flowing into people's inboxes has fallen at least 60 percent since the peak in 2008, Mushtaq said. Many ex-spammers have switched from running huge botnets that attract the attention of authorities to operating small networks aimed more at infecting computers with information-stealing malware.

"These guys have learned they need to fly under the radar," Mushtaq said. "Making one huge botnet will make them very visible."