McColo. The several spambot networks used rented servers hosted there as their control systems.

There are plenty of providers out there that unfortunately find it good money to provide so called "bulletproof" hosting for spam and worse things. They rely on the fact that most upstream providers won't cut them off until they get excessive complaints. If they keep things to a reasonable level and do token efforts at cleaning up then they can carry on as normal and charge nefarious people a large sum of money to look the other way.

The largest botnet used a backup mechanism to regain control and assign a new control server. Their system was that every single node in the network would using an algorithm generate a domain name daily that it would check for updates. The spammers could then work out what the domain would be for a specific day, register that and then host the necessary updates. As a new domain name was generated every day, it would be very difficult to block them all.