Well, Greeks actually. A number of malicious web sites hosted in Greece have been identified by SophosLabs in the past few days. Additionally, we have seen spam runs referencing those same sites:
![[Give up smoking]](https://sophosnews.files.wordpress.com/2007/10/greek1.png)
![[Viagra spam]](https://sophosnews.files.wordpress.com/2007/10/greek2b1.png?w=640)
So, if you need assistance to give up smoking, or a little ‘help’ in the bedroom, beware of such spam offering you assistance. You might just get more than you bargained for:
![[Greek web attack flowchart]](https://sophosnews.files.wordpress.com/2007/10/greek_gifts21.png)
Fortunately, we proactively detected the malicious script on the central attack site (highlighted in yellow) as Mal/ObfJS-A. The malicious scripts on the Greek sites are now detected as Troj/Rectoun-A, and the malware the attack ultimately attempts to install is detected as Troj/Agent-GEA.
