According to CA (Computer Associates) beware of any Hallmark E-Cards in your inbox. It may seem safe and genuine sent from a family or friend, but this malware can cause havoc to your computer. We recommend that you keep a watchful eye out for deceptive Christmas ‘promotions’ or e-cards.

From CA: Using the happy subject line “You have received [sic] A Hallmark E-Card”, Win32/Mytob variants attached to spam emails have been getting around lately. The team at CA ISBU labs has monitored Mytob’s increased activity especially towards the end of Q3 2008, and you can read more by visiting the Win32/Mytob.OM and Win32/Mytob.ON malware analyses in our encyclopedia.

Now that we’ve turned the corner into the Yuletide season, we expected Win32/Mytob variants to spice up the social engineering with festive spirit, and unfortunately we were not disappointed. Today we received a new Win32/Mytob variant disguised as a Hallmark e-card, as well as McDonalds and Coca-Cola Christmas promotions. We detect the malware as Win32/Mytob.OO, and it uses this deceivingly friendly Christmas snowman file icon:

Win32/Mytob.OO uses this icon to hide its nefarious intentions.

Below are full details of three spam emails sent by Win32/Mytob.OO. In the first spam email, the worm poses as a Hallmark e-card with these characteristics:

From:
postcards@hallmark.com

Subject:
You have received [sic] A Hallmark E-Card

Message:

Hello!

You have received [sic] a Hallmark E-Card from your friend. To see it, check the attachment. There’s something special about that E-Card feeling. We invite you to make a friend’s day and send one. Hope to see you soon, your friends at Hallmark your privacy is our priority. Click the “Privacy and Security” link at the bottom of this E-mail to view our policy.

Attachment: postcard.zip

Source: Computer Associates