Some malware authors have even gone so far as to include the phrases "no worm, no virus" in the e-card’s text, as if such an assurance made the message safe.

‘Tis the season to be wary. Sadly, malware authors are quick to seize on current events to cloak their social engineering attacks — which typically involve tricking people into clicking on a malicious link or visiting a malicious Web page — in an aura of legitimacy.
So it is that the holiday season brings a surge in holiday-oriented scams. As security company Cyveillance noted on Monday, phishing attacks jumped by 300% on Thanksgiving Day, compared with the number of attacks seen the previous week. 

Another security company, Message Labs, said following Thanksgiving that it was seeing holiday-themed spam coming across its infrastructure at a rate of about 300,000 an hour.

Symantec (NSDQ: SYMC) security researcher Jitender Sarda documented one such attack on Tuesday that uses e-cards.

"These e-cards are purportedly sent from a legitimate source and try to lure the victim to click on the link to view the e-cards, which have underlying tricks to try and infect the computer," said Sarda in a blog post. "With the Xmas bells starting to ring, here is the first incidence where Xmas e-cards have started doing the rounds."

While these e-cards may appear to come from a familiar brand name, the "From:" field is forged. And the spammer responsible, perhaps aware that e-cards have acquired an air of disrepute, has even gone so far as to include the phrase "(no worm, no virus)" in the e-card’s text, as if such an assurance made the message safe.

In fact, the link provided attempts to download a file named "sos385.tmp," which is itself a downloader that connects to the Internet and attempts to download other malicious files.

Source: informationweek.com