There is a fake Hallmark e-card mail circulating that contains a
download link that really points to a trojan infected executable. At
least one of my users has received it, though she failed to save it for
examination. :-(
The e-mail looks perfectly legitimate, but if you move your cursor over
the link (without clicking on it, of course) you can see that it points
to a Windows executable file (e.g.
.exe, .com, .bat, .scr, or .reg extension) and not to a .html or .php
page. Also, if you check the mail headers it should be obvious it's not
from Hallmark, but few people do that.
There's a short blurb about it here, including the server IP:
http://myitforum.com/cs2/blogs/rtrent/archive/2007/05/25/authentic-looki
ng-hallmark-e-card-email-circulating.aspx
The spreading of viruses in this fashion is becoming more popular now
that many sites block transfer of executable files in e-mail -- even the
best firewalls and mail scanners can't protect you from downloading a
virus through your browser.
If I get more info (like a virus name) I'll pass it along.
