Busting the botnet-herders

31.10.2005

MH: It's that simple, and that's what we do fairly regularly. Although typically, we try to track down the guys who write the viruses.

We call them "botnet-herders"--these guys who build large botnets--and we've been doing some tracking of them lately. For example, one group known as "Moop" did some underground information-gathering: going on chat systems and IRC systems undercover, trying to get [privileged] information.

More and more, these guys are moving away from working for spammers and getting into database theft. Because if they control, say, 30,000 computers [as zombies], it's likely that if someone comes to them and says, I'd be interested in information related to this or that organization, if they have tens of thousands of PCs, it's not far-fetched that one or two of those computers might be in an internal network belonging to that company. So they can search for data within that network and try to get information stolen from there.

So these guys were [bragging] that they were trying to steal data from IBM, from the World Bank. Because somebody was buying this information, so they'd get offers: "I wanna buy this or that database from that company, get it to me." This is changing the way they're making money out of these attacks.

CWHK: People are now requesting specific information?