Here's the e-greeting card. It's a pretty good, fake, to the point where I almost--I say, almost--bought it. Then I remembered that it's not my birthday.
Nothing says it worse than a malware-laden, fake greeting card (click to enlarge image).
It turns out that the threat isn't even concealed with an obfuscatory URL, which is usually how it's done. Scroll your mouse over "To see it, click here," and you see the address of the bad executable: hxxp://www.themusicnetwork.co.uk/(((DONTCLICK))notes/card.exe
I don't know how the "card" executable came to be connected with themusicnetwork.co.uk, which appears to be a legitimate site.
True, malware-laden greeting cards are nothing new. My experience has been that one receives so many of these things, that when a particularly good fake comes along, you're apt to let down your guard. That's even though we're all well aware never to even look into a card which doesn't come from a named sender.
It's family members who need to be warned to look at the e-card and check it twice, or better yet, give and receive greetings the old-fashioned way, using 41 cents in postage. It'll be a lot cheaper in the long run.