"Srizbi has returned from the dead and began updating all its bots with a fresh new binary just a few hours ago," FireEye reported.
"In the coming days, many journalists and researchers will ask how it is possible that the largest botnet in the world was allowed to update itself, when a security firm had near complete control over it. This is an interesting angle that we'll be exploring once all the technical facts are out on the table."
The Srizbi botnet command and control systems were initially put back online in Estonia, but have since been taken down.
The researchers also reported that the Rustock rootkit is also back in circulation and is sending a variety of spam based on social engineering and the sale of medical products.