Storm Outbreak - Building A Bigger, Better Botnet

The outbreak that washed across the Internet on Thursday died down Friday morning, but not before hackers added thousands of newly infected computers to their botnet. The new Storm worm outbreak that buffeted the Internet with malware-laden spam on Thursday slowed down early Friday morning.

The massive spam campaign died off in the early morning hours, according to Adam Swidler, a senior manager with Postini. The security company had reported the day before that the new Storm variant drove Thursday's virus level to 60 times the average. At the same time, the Internet Storm Center reported detecting at least 20,000 infections, while the Security Response Team at Symantec said they received several hundred thousand reports of the malicious e-mail making the rounds.

That all changed on Friday morning when the attack went quiet.

"Typically, we see a burst in the initial attack from the folks who control the botnets that are sending out the spam," Swidler said in an interview. "I'm not surprised it died down so quickly."

The spam messages carried a variant of the virulent Storm worm that plagued the Internet in January. In that initial malware attack, the malicious code was in an executable attachment in the e-mail. This time it's disguised in an encrypted zip file and the password is embedded in an image in the body of the e-mail. Encrypting the malicious code makes it much more difficult for anti-virus programs to catch it, and if they can't catch it, they can't stop it.