There's a new version of the Storm Trojan on the loose, disguised as an e-postcard but actually recruiting zombies for a botnet, according to the SANS Institute's Internet Storm Centre.

The attack arrives as a spam with the subject line "You've received a postcard from a family member!" and contains links to one of several malware hosting sites, said SANS researcher Lorna Hutcheson in a SAN ISC security alert. The interesting part is just how multi-layered the attack is - it uses several different exploits, both technical and social.

The aim is to get the user to download a Trojan. If executed, this calls home to a malware hosting server which SANS says has been active since December 2006, and attempts to install zombie software. That then ties the PC into a spam botnet.

Perhaps the most dangerous part is that, when SANS ran it through 30 different anti-virus programs, only a quarter of them picked up ecard.exe as a suspect download.®

Related stories

• Guessing at compromised host numbers (25 September 2007)
• Fast flux foils botnet takedown (11 July 2007)
• Trojan creates bogus webmail accounts to punt drugs (6 July 2007)
• Storm Trojan feeds on Independence Day (4 July 2007)
• MPack malware exposes cheapskate web hosts (3 July 2007)
• Talking Trojan taunts victims (3 July 2007)
• Senior execs targeted in 'precision' malware attacks (2 July 2007)
• Fake flash player site used to spread malware (22 June 2007)
• Anti-spam sites weather DDoS assault (11 June 2007)
• Stormy weather for malware defenses (7 March 2007)
• Imperfect Storm aids spammers (19 February 2007)
• Anatomy sheds new light on Storm Worm (9 February 2007)
• Storm Trojan gang declare start of World War III (22 January 2007)