Researchers at Damballa used a sinkhole to study a recently discovered botnet in operation. The researchers were looking at the way that the network used a domain-generation algorithm to come up with new command-and-control domains for infected machines to contact. Many botnets use this method, as it give them the ability to react quickly when one domain is taken down or blacklisted by a large number of security products. Researchers noticed that they could identify which organizations had IP blacklist technologies deployed and how quickly they updated them.
Source: https://threatpost.com/watching-botnet-inside-071812/76819/