There is a relationship
Between the phallicly challenged, choice of OS they use, and also target markets for viruses.
Go figure!
Security watchers have spotted a malware-seeded spam run that bears all the hallmarks of a new generation of the infamous Storm worm. If verified, the campaign will represent the return of a strain of malware that was endemic between January 2007 and April 2008 before falling into disuse. The worm may have been a victim of its …
Your shadowserver link lists a few of the domains/IPs that should be blocked. Based on that research and some passive DNS work we've done, we can now block the ip addresses of most of the botnet and we're automating the update process so that the blocklist remains current
See my blog post http://threatstop.wordpress.com/2011/01/04/threatstop-blocks-new-waledacstorm-worm-dns/ for more details