Malware writers exploit Gmail outage

Opportunistic malware writers tried to use the Gmail outage yesterday to distribute malicious files, according to security vendor Trend Micro.

In a blog posting, the firm said that it noticed that searches for the term "Gmail down" brought up a Google Groups page of the same name riddled with links to malicious files.

"The link Really young good looking teenager-547b4.html redirects to two different URLs," wrote Trend Micro's JM Hipolito. "First, the URL hxxp:// {BLOCKED}worldx.com/software/f352d5ac52/10410/1/Setup.exe prompts the download of a file detected as TROJ_PROXY.AEI. Trend Micro Researcher Loucif Kharouni reported that TROJ_PROXY.AEI drops two files--a BAT file and a DLL file. The BAT file is used to load the DLL file, which in turn modifies the registry entries related to proxy server settings. This causes the results to user queries to be redirected to remote sites mostly related to advertising."

Another link - The Dark Knight torrent.zip - displays a pop-up message stating "Virus Activated," then deletes certain files critical to the loading of Windows. After doing so, another pop-up message is displayed, this time stating "Computer Over. Virus=Very Yes", then the computer shuts down after ten seconds, and will no longer be bootable, he added.

The Google Groups page has now been deleted and was only up for about 25 minutes, according to Trend, but the incident shows yet again just how opportunistice malware writers are - always on the look-out for any situation they can to exploit and infect user machines.