Botnets are known to be one of the most serious Internet security threats. In this survey, we review botnet architectures and their controlling mechanisms. Botnet infection behavior is explained. Then, known botnet models are outlined to study botnet design. Furthermore, Fast-Flux Service Networks (FFSN) are discussed in great details as they play an important role in facilitating botnet traffic. We classify botnets based on their architecture. Our classification criterion relies on the underlying C&C (Command and Control) protocol and thus botnets are classified as IRC (Internet Relay Chat), HTTP (HyperText Transfer Protocol), P2P (Peer-to-Peer), and POP3 (Post Office Protocol 3) botnets. In addition, newly emerging types of botnets are surveyed. This includes SMS & MMS mobile botnet and the botnets that abuse the online social networks. In term of detection methods, we categorize detection methods into three main groups, namely: (1) traffic behavior detection -in which we classify botnet traffic into; C&C traffic, bot generated traffic, and DNS traffic, (2) botmaster traceback detection, and (3) botnet detection using virtual machines. Finally, we summarize botnet defence measures that should be taken after detecting a botnet.