Two of the World’s Largest Botnets May Be Connected

Rustock and Srizbi, two of the world’s biggest spam botnets, may be connected. Researchers have discovered that the two botnets share the same malware delivery method, a Trojan called Trojan.Exchange, which is activated when unsuspecting users click on malicious links in spam messages. Most of the spam the botnets send is of the fake headline variety (such as the recent Obama and Nuclear Disaster spams) and the fake video variety (this type usually tells the recipient they were caught on video in an embarrassing situation and invites them to click on a link to see for themselves).

Rustock is currently the biggest spammer on the net, with Srizbi a close second. It’s not yet known if the two botnets are being run by the same gang or simply have some sort of agreement in which they work together, but there is some speculation that they are both run by the infamous Russian Business Network, a known haven for spammers, hackers, and other cybercriminals.

Others believe that the botnets are being rented out to thousands of hackers who then use both to do their dirty work, making it appear that the two botnets are working together. A third theory is that they are simply using the same service to distribute their malware. This seems especially plausible as many smaller botnets have been found using the Exchange Trojan. Whatever the reason behind this newly discovered connection, one thing all experts agree on is that the two botnets remain distinctly separate with their own command structures and control servers.

Since botnets are constantly changing, the questions researchers are asking may never be answered. Right now, cybercriminals remain one step ahead of the folks trying to stop them.
 


2 Responses to “Two of the World’s Largest Botnets May Be Connected”

  1. James Says:

    Hi, I found your blog on this new directory of WordPress Blogs at blackhatbootcamp.com/listofwordpressblogs. I don't know how your blog came up, must have been a typo, I dunno. Anyways, I just clicked it and here I am. Your blog looks good. Have a nice day. James.

  2. Rasmus Haslund Says:

    Gaah!! I wish people would install some proper AV software so these trojans could be cleaned out or even better be prevented before even getting installed.
