Well, Greeks actually. A number of malicious web sites hosted in Greece have been identified by SophosLabs in the past few days. Additionally, we have seen spam runs referencing those same sites:
So, if you need assistance to give up smoking, or a little ‘help’ in the bedroom, beware of such spam offering you assistance. You might just get more than you bargained for:
Fortunately, we proactively detected the malicious script on the central attack site (highlighted in yellow) as Mal/ObfJS-A. The malicious scripts on the Greek sites are now detected as Troj/Rectoun-A, and the malware the attack ultimately attempts to install is detected as Troj/Agent-GEA.