The anniversary week of the first Storm worm attack brought more variants, one of which launches an early Valentine Day attack.
The social-engineering technique attempts to trick users into clicking on a link in a "Valentine's Day" e-mail, according to Sophos.
"The body of the e-mail contains a link to an IP-address based Web site, which is actually one of the many compromised PCs in the Storm botnet," said Sophos. "The Web site displays a large red heart, while installing malware onto the vistors' PC."
Symantec researcher Hon Lau said that a spam run attempting to exploit St Valentine's Day was perhaps premature.
"I don't know about you, but I feel that this campaign has started a little bit too early," wrote Hon in a blog post. "Maybe the Peacomm creators feel that they need a head start this time, since they started a bit late on their Christmas 2007 campaign. After all they don't want to miss the boat when it comes to gathering more bots for their network."
The most recent attacks are using variants of malicious code known as Troj/Dorf-AP by Sophos and Trojan.Peacomm.D by Symantec.
The original Storm worm code, so named because the first spam run coincided with a severe winter storm in Europe, will reach its first anniversary on 19 January.