According to Trend Micro, the discovery could set the stage for a large-scale attack.
In a blog entry Thursday, researchers said most of the malware on the Russian server appears to just be copies of each other, but among them were three specific groups that are typically used to display pornographic Web sites in a victim's Web browser.
Meanwhile, Trend Micro Senior Software Engineer Feike Hacquebord reported "Italian-like" Web sites containing IFRAMES that point to the Russian Web server. These sites apparently reside in a hosting facility in Germany, with registration data pointing to an email contact hosted in Russia, researchers wrote.
"Looking at these massive samples of malware, we can't help to think that there's something brewing in Russia," researchers wrote. "We have just seen these cybercriminals pull the Italian Job recently. Are we now seeing a Russian Uprising coming our way?"
Last month, a cyberattack infected thousands of Web sites, most of them Italian.
Trend said it's monitoring the current situation, and has blocked the malicious Web sites. It is also adding patterns to ward off new malware found on the Russian server.