FYI...
- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=204700531
Dec. 4, 2007 - "...Message Labs said following Thanksgiving that it was seeing holiday-themed spam coming across its infrastructure at a rate of about 300,000 an hour. Symantec security researcher Jitender Sarda documented* one such attack on Tuesday that uses e-cards. "These e-cards are purportedly sent from a legitimate source and try to lure the victim to click on the link to view the e-cards, which have underlying tricks to try and infect the computer," said Sarda in a blog post. "With the Xmas bells starting to ring, here is the first incidence where Xmas e-cards have started doing the rounds." While these e-cards may appear to come from a familiar brand name, the "From:" field is forged. And the spammer responsible, perhaps aware that e-cards have acquired an air of disrepute, has even gone so far as to include the phrase "(no worm, no virus)" in the e-card's text, as if such an assurance made the message safe. In fact, the link provided attempts to download a file named "sos385.tmp" which is itself a downloader that connects to the Internet and attempts to download other malicious files."
* http://preview.tinyurl.com/2u5z7n (Symantec Security Response Weblog)
--------------------------------------------------
More Christmas Card Action
- http://www.f-secure.com/weblog/archives/00001330.html
December 5, 2007 - "We've just seen another fake Christmas card malware run... The links are masked and point to a fake Yahoo Greeting card site. Do note the fake URL (abuse messages have been sent about the site)... The site prompts the user to download malicious macromedia-flashplayerupdate.exe (md5: 506744BF870B5B0E410087BD6F3EFD37). We detect this file as an Agent variant. It collects various types of information from the infected machine and sends it back to the malware author via a website."
(Screenshots available at the F-Secure URL above.)