eWeek Security Watch
October 24, 2007 4:12 PM

Storm Fights Back



Yet another security researcher at Interop warned attendees on Oct. 24 that the Storm worm botnet is fighting back, launching DDoS attacks not only against the researchers looking into it but against anybody on their subnet, within 5 seconds of their initiating efforts to fight it or examine it.

Shane Coursen, senior technical consultant for Kaspersky Lab, told the audience of a panel on emerging security threats that they should make sure the machines in their organizations are squeaky clean and steer clear of poking at the botnet. All he hopes for in one year's time, he said, is to get rid of the scourge.

Joshua Corman, a principal security strategist for IBM Internet Security Systems, told an audience at his Oct. 23 presentation on evolving threats much the same thing, adding that security researchers don't even want him to make public what they know of the botnet or their techniques for finding it out.

"If you try to attach a debugger, or query sites it's reporting into, it knows and punishes you instantaneously," he said. "[Over at] SecureWorks, a chunk of it DDoS-ed [directed a distributed-denial-of-service attack] a researcher off the network. Every time I hear of an investigator trying to investigate, they're automatically punished. It knows it's being investigated, and it punishes them. It fights back."

Those researchers who have devised ways to accurately research the scope, techniques and technologies of the botnet are hushed up by their superiors, who are well aware of the retribution that botnet herders have already wrought on those who tried to defeat them, Corman said.

Hence the hush-hush nature of research around Storm. Corman said he can tell us that it's now accurately pegged at 6 million, but he can't tell us who came up with the figure, or how. Besides retribution, Storm's ability to morph means that those who know how to watch it are jealously guarding their techniques. "None of the researchers wanted me to say anything about it," Corman said. "They're afraid of retaliation. They fear that if we disclose their unique means of finding information on Storm," the botnet herder will change tactics yet again and the window into Storm will slam shut.


Ziff Davis Enterprise