Holiday season malware

Our spam traps started to receive a large amount of plain text email spams. The emails pretend to stem from “Google and Facebook” and use the sender address The attachment which is 810 bytes in size is an html document containing some obfuscated JavaScript.

Considering these mails a “deja-vu”, I was preparing to just close and ignore them, but the JavaScript looked interesting. After unescaping the code it downloads the executable file “Google.information.exe” which is detected as TR/Dropper.Gen by Avira anti-malware solutions.

I would like to point out again here that nothing in this world comes for free. Do not let yourself get fooled by such prizes – those are really weird, by the way, as Google Maps relies on GPS in the smartphone already, for example; and Google Chrome OS will be free anyways as soon as it gets released!

Sorin Mustaca
Data Security Expert