They were late for Christmas but early for the New Year: We're already seeing New Year greeting card spam runs directing recipients to a malicious web site called uhavepostcard.com.
Right now there are no exploits on the site, but it tries to download a copy of Happy2008.exe to the user. Which is something you don't want.
Update 1: On the 26th we started seeing a new domain: happycards2008.com. The filename has morphed as well, to happy-2008.exe.
Update 2: Still the 26th and the new domain newyearcards2008.com is being used. Filename right now is happynewyear2008.exe…