What's concerning about this botnet, aside from the apparent difficulty in identifying it, is that it has successfully infiltrated some -- so far -- unnamed and large networks. Also, its ability to communicate, presumably with other infected nodes, from behind the corporate firewall, makes it appear more agile than other peer-to-peer botnets.
So far, there's little information on MayDay, such as how it propagates or how it evades anti-malware software. Hopefully, those details will surface soon.
According to Higgins' report, the known infections so far have been through what appears to be an Adobe PDF file, but is actually the mechanism for bot infection.
Also, the motive behind MayDay seems to be spam propagation. The researchers, still reverse-engineering MayDay's encrypted communications, have found that it's sending spam and submitting performance reports back to its command-and-control servers.
While that's bad enough, once these bot networks get entrenched they can be used for any number of other types of attacks, including denial-of-service attacks. It's also not unheard of for these networks to be hijacked by other criminals and commandeered for their own purposes.
As news dictates, I'm hoping to post more details on this attack as specifics become available.
According to the 2007 CSI Computer Crime Survey, denial-of-service attacks and botnets combined cost 194 respondents about $5.6 million.