Beware of Geeks bearing gifts

Filed Under: SophosLabs, Spam

Well, Greeks actually. A number of malicious web sites hosted in Greece have been identified by SophosLabs in the past few days. Additionally, we have seen spam runs referencing those same sites:

[Give up smoking]

[Viagra spam]

So, if you need assistance to give up smoking, or a little 'help' in the bedroom, beware of such spam offering you assistance. You might just get more than you bargained for:

[Greek web attack flowchart]

Fortunately, we proactively detected the malicious script on the central attack site (highlighted in yellow) as Mal/ObfJS-A. The malicious scripts on the Greek sites are now detected as Troj/Rectoun-A, and the malware the attack ultimately attempts to install is detected as Troj/Agent-GEA.

You might like

About the author

Fraser is one of the Principal Virus Researchers in SophosLabs. He has been working for Sophos since 2006, and his main interest is in web related threats.