Sophos Cloud Optix
Well, Greeks actually. A number of malicious web sites hosted in Greece have been identified by SophosLabs in the past few days. Additionally, we have seen spam runs referencing those same sites:
![[Give up smoking]](http://nakedsecurity.sophos.com/files/2007/10/greek1.png)
![[Viagra spam]](http://news-sophos.go-vip.net/wp-content/uploads/sites/2/2007/10/greek2b1.png)
So, if you need assistance to give up smoking, or a little ‘help’ in the bedroom, beware of such spam offering you assistance. You might just get more than you bargained for:
![[Greek web attack flowchart]](http://news-sophos.go-vip.net/wp-content/uploads/sites/2/2007/10/greek_gifts21.png)
Fortunately, we proactively detected the malicious script on the central attack site (highlighted in yellow) as Mal/ObfJS-A. The malicious scripts on the Greek sites are now detected as Troj/Rectoun-A, and the malware the attack ultimately attempts to install is detected as Troj/Agent-GEA.