We've just seen another fake Christmas card malware run.

E-mails looked like this:



The links are masked and point to a fake Yahoo Greeting card site. Do note the fake URL (abuse messages have been sent about the site).



The site prompts the user to download malicious
macromedia-flashplayerupdate.exe (md5: 506744BF870B5B0E410087BD6F3EFD37).

We detect this file as an Agent variant. It collects various types of information from the infected machine and sends it back to the malware author via a website.



Update: Another domain is being used too, registered by the same person — http://www.yahoo.americangreetings.com.droeang.net.