May 12, 2010

The Russian anti-virus vendor Doctor Web warns users as cyber-criminals start spreading malicious programs over the Google Groups service. In particular user systems may get infected with different modifications of Trojan.Fakealert.

First a user receives a spam message containing a link to a file that can be downloaded in a Google group created by criminals. Various social engineering tricks can be applied to lure the user into downloading this file. For instance, the message may inform you that e-mail access parameters have been changed and you need to download a manual before your proceed with editing your account information. You may also be notified that your e-mail account has been compromised and the instructions file will provide you with information on how to deal with this situation.

Once a user clicks on the link, he gets to the page containing a download link to the file. The file can contain modifications of Trojan.Fakealert (fake anti-viruses).

If you try to follow such a link in several hours after the bulk of spam messages has been sent out, Google Group will inform you that the page you are about to open may contain spam. However, choosing "I would like to view this content" will allow you to access the download page. Therefore access to the malicious file is not disabled.

Doctor Web recommends users of Dr.Web software to use caution whenever you get a message from an unfamiliar sender especially if such a message concerns your e-mail account information or other personal data.