Plus, the attacker can "prepare" his own new pool while attacking all remaining. All would switch to his pool, and he would easily gain >50% of network. You would not know at all, he can "fake" his pool stats. Then, he rules the network.
A smart attacker would create his pool ahead of time - e.g. one of the current pools could actually be the attacker. They would have two versions of the mining pool SW - version #1 is the "honest" one, they would run this for a while, likely with low-to-no fees, to get a reasonable user base and reputation. Then, when they feel they are ready, they would DDOS enough other pools to make people flock to theirs. Once they hit 50%, they would activate version #2 of their mining pool SW, the one that steals coins/double spends/whatever. Since they own more than half the hashing power at that point, they win. People will eventually figure it out, but when they do, confidence in BTC will be crushed and you would see a crash in values.