Busting the botnet-herders

31.10.2005

MH: Yes. Of course, it's all criminal--criminals are buying and selling this information.

The going rate for botnets is getting cheaper and cheaper. We've been seeing viruses lately that are getting picky about which machines to infect. Because these guys have access to so many machines that they can afford to be picky.

There was this one virus which we analyzed--the first thing it did was to connect to a university system and download a Linux distribution set, a 2GB file. It downloaded the full set, and deleted it--it never used it for anything, but it timed the download, and if the download took too long, the virus wouldn't even infect the computer. Because it didn't have enough bandwidth, so the virus would wander on and find a better machine. If they're trying to build a botnet for DDOS [Distributed Denial Of Service attacks] for example, they want machines with high bandwidth so they can overload servers.

CWHK: You gave an example of a targeted email aimed at data theft: a bogus Microsoft Word file which was sent from newsdesk@washingtonpost.com targeted only a few dozen email addresses, in the .gov, .mil and .hk domains. Disguised as an IPR report, it was actually an RTF file which downloaded an exploit that allowed a remote host to control the infected computer. Are you seeing a lot of these targeted email attacks?

MH: Unfortunately not, which means we're missing them. If they are sending out seven emails [using a] totally undetected bot, it might go under the radar forever. None of the antivirus companies will ever see it. That worries me.