An investigation has uncovered a link between a recent phishing operation and the infamous Storm worm.
Security experts believe that the botnet of infected PCs is now being leased out by its operator to other criminal groups.
The company found that the hosting of the phishing domain was being passed around among a number of IP addresses.
When researchers cross-checked the addresses with other domains, they found domains as 'hellosanta2008.com' and 'postcards2008.com' which had been linked to fraudulent greeting cards used to spread the Storm worm over the holiday season.
The findings suggest that the operators of the Storm botnet are now allowing the network of infected machines to be accessed by other groups for various criminal activities.
"We have not seen this before. But we have been expecting something along these lines," said F-Secure chief research officer Mikko Hyppönen in a blog posting.
F-Secure is among many security firms to warn that Storm could become a commercial entity in 2008.
Researchers fear that Storm's computing power could be rented out for various criminal activities.
Storm first appeared in early 2007, circulating malware disguised as film of flooding in Europe. Since then, the controllers have used everything from spam runs to fake greeting cards to snare victims.
Experts warn that the tactics used to build and operate Storm could become a model for future botnets.
Privilege escalation bug already being exploited in the wild
NASA's Voyager 2 probe set to reveal secrets of space beyond the heliosphere as it goes interstellar
The probe is now more than 18 billion kilometres from Earth, with equipment enabling it to reveal some of the secrets of interstellar space
Four glaciers located west of massive Totten glacier have lost almost three metres of ice in height since 2008
Ceres, located in the asteroid belt, has a carbonaceous-rich upper crust, SwRI study claims