I know most everyone here knows better than to open e-mail from folks you don’t know, but for anyone who receives Hallmark, American Greetings, Blue Mountain, or other greeting card e-mail, this reminder can’t hurt.
The US Navy sent this reminder around, and a friend of mine associated with the DoD forwarded it to me. I’ve reformatted the text from all caps (somebody in the Navy still likes All Caps, go figure) for easier reading.To all: With the holiday season at hand, several of us will receive and send e-cards. If you receive an e-card and you do not recognize the sender’s name, please do not open the attachment. This is a ruse to insert a worm into your computer. A worm is sent with some of the e-cards from a "friend". The U.S. Navy dispatched the following notice:Open source reporting indicates a new outbreak of another Storm Worm variant during the Christmas holiday season in the form of e-cards. Storm Worm developers notoriously release new variants on holidays and prey on their victims’ willingness to open festive greeting cards.
Details: Internet users should be cautious of opening e-mails that appear to be sent directly from greeting card companies such as Hallmark. Clicking on the embedded links could possibly download a malicious file onto a victim’s computer that may compromise personal data. Hallmark has published useful information to assist users in recognizing and mitigating the effects of this new socially engineered attack that includes:
How to tell if a Hallmark e-card notification is real: the subject line of legitimate e-card notifications from Hallmark will say, "a Hallmark e-card from (name of the sender)" not a generic term like "friend," "neighbor" or "family member". The e-mail notification will come from the sender's e-mail address, not Hallmark.com. The notification will include a link to the e-card on Hallmark.com as well as a URL that can be pasted into a browser. The URL will begin with http//Hallmark.com/ followed by characters that identify the individual e-card. Move your mouse over the words "click here" in your e-mail. If you do not see the URL above, it is not a legitimate Hallmark e-card. Hallmark e-cards are not downloaded and they are not .exe files. In addition, Hallmark.com will never require an e-card recipient to enter a user name or password nor any other personal information to retrieve an e-card. To retrieve a legitimate Hallmark greeting card, users should copy and paste confirmation codes directly on the Hallmark e-card website.
NOTE: This same copy-paste of confirmation codes is used by nearly all legitimate companies dealing in e-cards.
Generic e-mail Storm Worm info at Snopes