The mail seems to originate from a legitimate source and thus, the receiver is usually tempted to click on the link included in the message and see the card. However, this is hardly the case. According to a report on Symantec’s blog, the URL included in the eCards attempts to download "sos385.tmp" file, which is a downloader eager to get onto the web and install more malware on the victim’s machine.

Basically, the mail resembles the following example: (it’s worth noting the spoofed header, as well as the “no worm , no virus” text placed right next to the link):

To: [Removed]
Subject: This is my one-off Xmase-card for you ^_^ Very nice
From: ***** Ecard !!! XXXXX@*mail.com
Date: Sat, 17 Nov 2007 05:11:16 -0600
Reply-To:
Mail body:
http://uklotttery.us/?id=ecard << This is my one-off Xmase-card for you ^_^ Very nice
(no worm , no virus)”

As always, the way to dodge such attempts is to ignore any mail coming from an unknown source. Also, be careful with emails coming unexpectedly, they might not actually come from the person/organization you believe to have sent them.