Get a behind the scenes look at how the Shadowserver Foundation works in

"At first it looked like your regular old holiday e-card scams that have been around for years. However, upon closer inspection it looks like we could be dealing with the next generation of Storm Worm or Waledac," said Steven Adair of Shadowserver in a post. "If you consider Waledac to be Storm Worm 2.0, this looks like it could be version 3.0 or at least Waledac 2.0."

According to Shadowserver, among some of the newer components of the latest spam effort are new malicious domains that are fast flux, links are to several hacked websites hosting HTML pages that refresh to new malicious domains, and malware that's been updated to look a bit more like legitimate than past variants.

"We have not done any analysis to see if there are actually any pieces of the code that were directly taken or updated from the Storm Worm or Waledac code," the post states. "However, whether or not the code is the same or not, this appears to be the next generation of Storm Worm and Waledac. We are just saying it could be Storm Worm 3.0, at least until someone gives it a better name. "

First detected in 2007, Storm botnet was responsible for large volumes of spam for more than two years until a decline in late 2008. Last April researchers with McAfee said rumors of a Stormbot 2 had been verified.