As botnets go, Storm (a.k.a. Nuwar) has proven an adaptive and long-lived thorn in the side of computer security researchers. Yet, instead of fading quietly as its growth stalls and it fends off a relative newcomer, Storm is showing new signs of life.
The botnet, which is believed to have shed part of its once 10-million-strong army, has lately shared the scene with a rival called Nugache.
Nugache's origins haven't been pinned down with certainty, but like Russian-born Storm, it has proven both slippery and territorial, acting as both an elusive quarry for anti-virus software and a staunch defender against other botnet-spawning malware. Nugache also employs peer-to-peer networking to mask its command and control hierarchy and can switch attack modes - a highly desirable trait for botnet operators.
This mimicry has shown results. "Nugache has grown rapidly but not at the levels of Storm at its high point," reports Matt Sergeant, an Anti-Spam Technologist at MessageLabs.
Even so, Storm's operators are leaving nothing to chance.
The group is countering the copycat and shoring up its numbers with a Valentine's Day-themed push. To that end, it has begun to pump out spam with a decidedly amorous tone.
This is not unprecedented, according to Sergeant. Chronicling Storm's activity over the past few months, he points to an increase in greeting card spam as the holidays approached and football-related e-mails as the sports season kicked off.
Now, Storm's operators are hoping to ensnare romantics leading up to their favorite time of year.
Since Monday, MessageLabs has detected an increase in sentimental and sexually suggestive spam. Typically, these simple e-mails arrive with subject lines that read 'If Loving You' and 'Happy I'll Be Your Bride'. The body contains a short message with a link to an IP address that hosts the worm - usually the same IP that originated the message.
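The traits described above (the quoted subject lines, a link to a raw IP address, and that IP matching the host that sent the message) can be checked mechanically. The following Python is an added example, not MessageLabs' detection logic; the sample message is constructed, its addresses come from a documentation range, and it assumes the topmost Received header was written by the receiving mail server with the client IP in square brackets.

```python
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlsplit

# Subject lines quoted in the article, lower-cased for comparison.
KNOWN_SUBJECTS = {"if loving you", "happy i'll be your bride"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
RECEIVED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample; 203.0.113.0/24 is reserved for documentation.
SAMPLE = """\
Received: from unknown (HELO pc) ([203.0.113.45]) by mx.example.test
From: someone@example.test
To: user@example.test
Subject: If Loving You

A card is waiting for you: http://203.0.113.45/
"""

def ip_literal_hosts(text):
    """Return the set of URL hosts in text that are raw IP addresses."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url.rstrip(".,;)")).hostname
            hosts.add(str(ipaddress.ip_address(host)))
        except (ValueError, TypeError):
            pass  # ordinary hostname or malformed URL: not an IP link
    return hosts

def score_message(raw):
    """Report which of the three described traits a raw message shows."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    # Assumption: only the topmost Received header (our own MTA's) is trusted.
    received = msg.get_all("Received") or []
    m = RECEIVED_IP_RE.search(str(received[0])) if received else None
    sender_ip = m.group(1) if m else None
    body = msg.get_body(preferencelist=("plain", "html"))
    hosts = ip_literal_hosts(body.get_content() if body else "")
    return {"known_subject": subject in KNOWN_SUBJECTS,
            "ip_links": sorted(hosts),
            "link_matches_sender": sender_ip in hosts}

if __name__ == "__main__":
    print(score_message(SAMPLE))
```

The link-matches-sender check is the most durable of the three signals, since subject lines change with each campaign theme.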
Sticking to its devious nature, this latest version of the worm evades most anti-virus engines. Sergeant somberly reports that all but one of the security programs he exposed the new version to failed to detect it.
And it doesn't end there.
In recent months, Storm's botnet has undergone a drastic transformation. To thwart attempts to research and ultimately unravel the botnet, Storm's custodians are utilizing encryption, further shielding their operation and effectively blinding security watchers to its communications and internal workings.
Why such measures? It boils down to money, says Sergeant. "The bigger the botnet, the more they can rent it out."
For now, Sergeant reports success in finding and blocking this latest type of spam for MessageLabs' customers. He also predicts that as February 14th approaches, Storm is likely to start mailing greeting cards again.
This article was first published on EnterpriseITPlanet.com.