An investigation has uncovered a link between a recent phishing operation and the infamous Storm worm.

Security experts believe that the botnet of infected PCs is now being leased out by its operator to other criminal groups.

Researchers at security firm F-Secure uncovered the connection while investigating a group of phishing sites posing as UK bank Halifax.

The company found that the hosting of the phishing domain was being passed around among a number of IP addresses.

When researchers cross-checked the addresses with other domains, they found domains as 'hellosanta2008.com' and 'postcards2008.com' which had been linked to fraudulent greeting cards used to spread the Storm worm over the holiday season.

The findings suggest that the operators of the Storm botnet are now allowing the network of infected machines to be accessed by other groups for various criminal activities.

"We have not seen this before. But we have been expecting something along these lines," said F-Secure chief research officer Mikko Hyppönen in a blog posting.

F-Secure is among many security firms to warn that Storm could become a commercial entity in 2008.

Researchers fear that Storm's computing power could be rented out for various criminal activities.

Storm first appeared in early 2007, circulating malware disguised as film of flooding in Europe. Since then, the controllers have used everything from spam runs to fake greeting cards to snare victims.

Experts warn that the tactics used to build and operate Storm could become a model for future botnets.