US-CERT is aware of public reports of malware spreading via malicious electronic greeting cards (ecards) related to the Christmas and New Year's holidays. The reports indicate that the malware is spreading via emails containing a link to a malicious ecard. If a user clicks on the link, they will be prompted to download an executable file. If the user accepts the download, malware may be installed onto their system.

US-CERT encourages users and administrators to take the following preventive measures to help mitigate the security risks:

• Install anti-virus software, and keep its virus signature files up-to-date.
• Do not follow unsolicited web links received in email messages.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Read more: US-CERT Current Activity