The anatomy of a greeting:

Just opened the mail in the morning and I see in the junk folder an interesting message. It appeares that someone sent me an e-card, too bad is not my birthday. The mail looks like this:

Carol has sent an e-card. Your Greeting card will be available at: hxxp://greetingcardcalendar.com/ID=?-XXXXX..X- This card was sent from 123greetings.com!

At first glance this may look valid to anyone. 123greetings.com is a valid websites with some lovely e-cards. Now the question that arise, is why the link isn’t from 123greetings.com ? So, we downloaded the webpage and had such a “BIG” surprise, it has a link to a “card.exe”. Now that’s funny. How many clean exe e-cards from 123greetings have you seen ? The correct answer is NONE
Fortunately, the “card.exe” (MD5:88dfdfa6ba077c18df753f279a51258d) is already detected by several antivirus scanners: Email-Worm.Win32.Iksmas.by(Kaspersky), W32/Waledac.gen.a(McAfee), Trojan:Win32/Waledac.B(Microsoft)

So, we can learn from this e-mail the fact that even if someone sends us a message that appears to be from a valid website, always check the link to see where it points to.