As we see every year, Christmas season is a great opportunity for a new virus to spread by email using “Christmas” as a reason to read the email. We just had a post here on Avert Labs blog about one a few days ago. If it was just the spammers, we could understand, since they live to do that, but today I got an email from my bank, stating that I could start to send Christmas and New Years virtual cards through their website! I immediately thought that it was a phishing scam, so I decided to check the link. It was indeed a new url created by the bank, something like www.christmascards[insert Bank Name here].com.br, where you could select up to 4 different Christmas / New Years cards and send to your friends… This just happened hours ago… I bet that I will start to receive some Xmas virtual cards and I also bet that those will not be from my friends . So you do not get me wrong, I like virtual postcards, but here, this strange marketing campaign will make things real easy for the bad guys, since the real bank sent a mass mail to all customers telling them that they can send those cards from their website. Now, what do you think will happen when the bank customers start to receive fake virtual postcards on behalf of the bank, with attached malware??