Sophos Cloud Optix
An e-card is similar to a postcard or greeting card, but rather than printed on paper or cardboard it is created using digital media. There are numerous e-card companies available on the internet offering a diverse range of e-cards including e-cards with a personalized message, with flash animation and much more. A lot of these companies offer e-cards for free and since e-cards are not made from paper, it is considered more environmentally friendly than the traditional paper greeting cards. Therefore many people are now sending their messages using e-cards instead of the traditional paper greeting cards.
But malware writers are taking advantage of the popularity of e-cards to help them deliver their malware. A common trick that malware writers use to spread their malware is to send an email with an attachment (usually an executable file) to random email addresses and ask the recipient to open the attached file in order to view their e-card. Typically the attached file is a malicious program designed by the malware writers. The following is an example of this kind of email which is currently being spammed out (the attached zip file is already detected by Sophos as Troj/Agent-KQH):
The recipient should always be cautious about opening emails from an unknown sender especially those that require the recipient to open files attached to the email.