With year end nearing, festive e-greetings have become the next source of malware attacks.

According to an F-Secure report, a number of Christmas and New Year cards (malwares) are hitting mail in-boxes globally. These fake cards are serving as cover for malicious downloads.

The X'Mas fakes come with links embedded in emails that direct users to fake Yahoo! greeting card Web sites, running in conjunction with American greetings.

These fake Web sites flash requests to download the latest Adobe Flash Player, which actually happens to be a malicious software named macromedia-flashplayerupdate.exe.

F-Secure has detected this file as an Agent variant that collects various types of information from infected machines, sending it to malware authors via a Web site.

Meanwhile, there's also a Happy New Year exe (spam) doing the global rounds, which F-Secure in its report explains as some clown spamming around an attachment called Happynewyear.exe.

Once a user runs the exe file, the malware drops a nice Christmas tree to the desktop, and Systray. The malware (detected as Trojan-PSW:W32/Delf.BBE), steals passwords and other assorted information, and sends it to lbss.3322.org.

According to Patrik Runald, senior security specialist of F-Secure Security Labs APAC, the popularity of e-cards furnishes fertile ground for malware authors. Spammers have a long tradition of trying to lure people with mush, e-cards, et al.