Here's a slightly odd greeting card currently detected as: Email.Malware.Sanesecurity.07030201
It doesn't look anything special to look at... but wait... what's this.... oh look, it's a username/password ftp link to download a normally nasty .pif file:
So, it loads the Zapchast trojan, as can be seen from some VirusTotal results:
Now, let's look at the live FTP site, you can see from the screen grab, the .pif file containing the trojan. Hmmm.... there seems to be other folders there too:
Hang on... that's an Italian Bank name!
Let's see what it looks like in FireFox (with NoScript plugin enabled).
Yup, I'ts a Posteitaliane bank fraud page, just waiting to capture your details: