The simplistic spam campaign that hit around Christmas included a piece of Zeus-related malware that searches hard drives for documents and uploads them to a remote server. One of the executables being used in the e-card attack is nearly identical to a file that was used in a similar attack in February 2010 that was detailed by security firm NetWitness at the time. The malware searched the local harddrive of the victim PC for xls,doc and pdf files, and uploaded them via FTP to a server in Belarus.
Source: https://threatpost.com/white-house-e-card-scam-part-larger-zeus-related-attack-010411/74817/

