
Archive for September 21st, 2007


Sep21
by David Sancho (Threats Analyst)

It looks like the Storm botnet is renting its services to different websites. In this case, we caught emails in our Storm honeypot that look like Storm emails:

Pharmacy Spam from Storm botnet

The domain names are taken from a pool of about 10. They are all .com and are not recognizable words or brand names. They all resolve to different DNS names hosted by the botnet's fast-flux network. This means that every time you access one of these websites, a different member of the botnet will point your browser to the same pharmacy-related website. These pharmacies are the clients of the botnet, so they must be paying big to be advertised through spammed messages and to have users redirected from the emails to the website, whose real domain you never see. This is living proof of the economics behind botnets.
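The resolution pattern described above can be spotted from DNS answers alone. The following is an added example, not code from the original post: it flags domains whose answers keep rotating across many unrelated networks, and it leaves alone a round-robin service that rotates inside a single network. The sample records, the `.example` names, the thresholds and the use of TTL (which the post does not mention) are assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed resolver-log sample: (domain, unix_time, A-record IP, TTL in seconds).
# Names and addresses are made up; 10.0.0.0/8 stands in for scattered infected hosts.
OBSERVATIONS = [
    ("qzxkvb.example", 0,    "10.12.4.9",   180),
    ("qzxkvb.example", 200,  "10.87.33.2",  180),
    ("qzxkvb.example", 400,  "10.140.9.77", 180),
    ("qzxkvb.example", 600,  "10.201.6.14", 180),
    ("qzxkvb.example", 800,  "10.33.250.8", 180),
    ("qzxkvb.example", 1000, "10.12.91.40", 180),
    # Round-robin service: five addresses, all inside one /16.
    *[("cdn.example", t, f"10.5.0.{t // 100 + 1}", 300) for t in range(0, 500, 100)],
    # Ordinary site: the same address on every lookup.
    *[("shop.example", t, "10.9.1.1", 3600) for t in (0, 500, 1000)],
]

# Assumed thresholds; tune them against your own resolver traffic.
MIN_IPS = 5     # distinct addresses seen for one name
MIN_NETS = 4    # distinct /16 networks those addresses fall in
MAX_TTL = 600   # median TTL at or below this counts as short-lived

def flux_profile(observations):
    """Collect distinct IPs, distinct /16 networks and TTLs per domain."""
    seen = defaultdict(lambda: {"ips": set(), "nets": set(), "ttls": []})
    for domain, _ts, ip, ttl in observations:
        rec = seen[domain.lower().rstrip(".")]
        rec["ips"].add(ip)
        rec["nets"].add(ip_network(f"{ip}/16", strict=False))
        rec["ttls"].append(ttl)
    return seen

def looks_fast_flux(rec):
    """Many addresses, spread over many networks, with short-lived answers."""
    ttls = sorted(rec["ttls"])
    median_ttl = ttls[len(ttls) // 2]
    return (len(rec["ips"]) >= MIN_IPS
            and len(rec["nets"]) >= MIN_NETS
            and median_ttl <= MAX_TTL)

def flag_domains(observations):
    """Return the sorted list of domains that match the fast-flux profile."""
    profiles = flux_profile(observations)
    return sorted(d for d, rec in profiles.items() if looks_fast_flux(rec))

if __name__ == "__main__":
    print(flag_domains(OBSERVATIONS))
```

The network-spread check is what separates a botnet pool from ordinary load balancing, since address churn alone would also flag `cdn.example`.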

Here’s a screenshot of the pharmacy site:

Pharmacy site advertised by the Storm botnet

 


© Copyright 2008 Trend Micro Inc. All rights reserved.