We've just seen another fake Christmas card malware run.
E-mails looked like this:
The links are masked and point to a fake Yahoo Greeting card site. Do note the fake URL (abuse messages have been sent about the site).
The site prompts the user to download malicious macromedia-flashplayerupdate.exe (md5: 506744BF870B5B0E410087BD6F3EFD37).
We detect this file as an Agent variant. It collects various types of information from the infected machine and sends it back to the malware author via a website.
Update: Another domain is being used too, registered by the same person — http://www.yahoo.americangreetings.com.droeang.net.