A friend at kissesonapostcard

On Friday, I received an email from [email protected] with the subject: “Hi there, an old friend has just sent you a greeting card and a kiss!” It was sent to the infosec board’s mailing list so there is no chance this is legit.
The message contained a link, “Get your greeting card here” hxxp://send.kissesonapostcard.com/a_friend.exe (hxxp munged by me to avoid people accidentally clicking on a link).
Kaspersky detected this file as IRC.Zapchast so I submitted the message to my email hygiene provider.
Now most people wouldn’t have done that because their email antivirus product has no hope of detecting links to malicious code in emails. Since mine purports to do this, I submitted the email. Surprisingly, two days later, I got a email back with a case number. Another two days later, I was asked by support to save the offending message as a .msg file and then zip it and send it to them. That kind of annoyed me because I included full headers and the html of the message.
As long as I was thinking about it this file, I ran it through virustotal again. This time most of the vendors are catching it.