It seems like the same group responsible for spamming the malicious eCard greetings are also active with an old virus social trick, the “You’re Infected!” email. In this case, attackers are lazy enough to spam both the eCard and “You’re Infected!” emails with the same exact infectious links. This looks quite odd for unsuspecting users when the link for the eCard is “patch.exe”. The text has been very sloppily made too, announcing how there is a patch that can fix worms.

In any case, we recommend never to click on links from emails, especially the ones that download executables. These ones are being detected by Trend Micro as WORM_NUWAR.HC.