"This [attack] is only in the early stages," said Dunham, "and the IP address [for the Russian site] could easily be changed in future variants. Even as these hacker sites rise up and fall down, we still have the attack issue to deal with."
More attacks are probably in the offing because of the group behind the attack. "It looks like the HangUP Team out of Russia is doing this," he said. F-Secure, a Finnish anti-virus firm that's been aggressively analyzing the attack, also pegged HangUP as the most likely culprit.
HangUP, a for-profit malicious code-cutting group out of Russia, developed the backdoor Trojan horses that were uploaded to client systems exploited by Friday's attack. Those Trojans "are designed to steal credit card and other information that is then marketed to organized identity theft markets," said Dunham.
Dunham and others expect additional attacks because of HangUP's past practice with the Korgo worm, which the group is also suspected of writing. Korgo, now in its eighteenth variant, exploits the LSASS vulnerability in Windows, which was made public several months ago.
"It's highly likely that we'll see additional attacks, if, in fact, HangUP is behind this, because of the number of Korgo variants it's put out," said Dunham.