According to the Times, the team demonstrated the scale of financial cybercime by taking over a network that gave them unrestricted access to 8,310 bank accounts at 410 institutions, as well as 1,660 sets of credit and debit card numbers.
The experts estimated that the information would be worth up to $8 million on the underground market for stolen data, the publication noted.
It added that the botnet used the malicious software known as Torpig, which allows criminals to remotely control an infected machine.
The university team hijacked the network using a server that intercepted zombie computers' communications. They had access for ten days until the botnet's controllers updated their system.
Victims of the network came from 40 different countries, with the majority from the United States, Italy and Spain. The researchers alerted the relevant internet service providers of the compromise and passed stored data to law enforcement.
In 2008, the Register reported that researchers from RSA said Torpig had compromised the details of an estimated 300,000 online bank accounts.