Botnets are one of the major threats to network security. A botnet can launch attacks by stealing information, phishing sites, sending spam mail and setting up distributed denial of service (DDoS). Some botnets called Domain Generation Algorithm (DGA) Botnets apply a domain generation algorithm to avoid being detected by the traditional blacklist detection scheme. Using a domain generation algorithm, a DGA bot periodically generates a huge list of candidate Command and Control server (C&C) domains. The bot then attempts to connect to the C&C server by querying DNS servers for the domains on the list one by one until it connects to an existing C&C server. By doing this, DGA botnets become very elusive and difficult to detect by traditional defending systems and thus have high survivability. To resolve this issue, this study proposes a DGA botnet detection mechanism utilizing the feature-based characteristics of social networks. The effectiveness of this mechanism was measured by implementing it in a campus network environment and observing it over eighteen months. The most interesting finding of this experiment is a new class of DGA botnet with a query pattern that has not been detected before. The results show that the proposed mechanism has the ability to accurately and effectively detect both well-known and new malicious DGA botnets in real-world networks.