Researchers at the nonprofit Shadowserver Foundation believe they have identified a new version of either the Storm or Waledac worm, thanks to a large-scale influx of New Year's-themed spam. The emails purport to be a New Year's greeting card but contain a link to a malicious domain, claiming to host a fake Flash Player that actually is an exploit. The evil domains use fast-flux techniques to hide the host server. "The whole point of this botnet is to install malware onto systems of unsuspected visitors," researcher Steven Adair wrote Dec. 30 on the Shadowserver blog. Storm first appeared on the scene in 2007, capitalizing on current events and holidays, and essentially was replaced by Waledac in 2009. – DK