Beware of Geeks bearing gifts

Well, Greeks actually. A number of malicious web sites hosted in Greece have been identified by SophosLabs in the past few days. Additionally, we have seen spam runs referencing those same sites:

[Give up smoking]

[Viagra spam]

So, if you need assistance to give up smoking, or a little ‘help’ in the bedroom, beware of such spam offering you assistance. You might just get more than you bargained for:

[Greek web attack flowchart]

Fortunately, we proactively detected the malicious script on the central attack site (highlighted in yellow) as Mal/ObfJS-A. The malicious scripts on the Greek sites are now detected as Troj/Rectoun-A, and the malware the attack ultimately attempts to install is detected as Troj/Agent-GEA.