An investigation has uncovered a link between a recent phishing operation and the infamous Storm worm.
Security experts believe that the botnet of infected PCs is now being leased out by its operator to other criminal groups.
The company found that the hosting of the phishing domain was being passed around among a number of IP addresses.
When researchers cross-checked the addresses with other domains, they found domains as 'hellosanta2008.com' and 'postcards2008.com' which had been linked to fraudulent greeting cards used to spread the Storm worm over the holiday season.
The findings suggest that the operators of the Storm botnet are now allowing the network of infected machines to be accessed by other groups for various criminal activities.
"We have not seen this before. But we have been expecting something along these lines," said F-Secure chief research officer Mikko Hyppönen in a blog posting.
F-Secure is among many security firms to warn that Storm could become a commercial entity in 2008.
Researchers fear that Storm's computing power could be rented out for various criminal activities.
Storm first appeared in early 2007, circulating malware disguised as film of flooding in Europe. Since then, the controllers have used everything from spam runs to fake greeting cards to snare victims.
Experts warn that the tactics used to build and operate Storm could become a model for future botnets.
Microsoft receives a 30 per cent cut of all purchases on the Xbox digital store
Credit card thieves used Apple ID accounts to buy and sell virtual currency for Clash of Clans and Clash Royale and Marvel Contest of Champions
$5.1bn fine further evidence that the EU is anti-US, claims Trump
New cable will connect Virginia to France