
MX Logic » MX Logic IT Security Blog

03 April 2008

It's Google Spam! It's Video Spam! It's Malware!


Here is yet another twist in the never-ending array of Google Spam that we have been seeing over the past 2 months. The sample that hit our spamtraps within the last hour has a bit of a new twist to it.

When I first opened this message I thought "Neat! Google video spam!" It wasn't until I looked at the source code of the message that I realized that this was just another link to malware redirecting through Google with a fake video as the lure.

Here is a screenshot of the spam:



Clicking any of the links downloads a file named video_codec-v2.12.384.exe.

So far AV pickup is pretty spotty (stats courtesy of Virustotal):

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | - | - | - |
| AntiVir | - | - | TR/Dropper.Gen |
| Authentium | - | - | - |
| Avast | - | - | Win32:Agent-GPS |
| AVG | - | - | - |
| BitDefender | - | - | DeepScan:Generic.Malware.FBldld.D22058AD |
| CAT-QuickHeal | - | - | - |
| ClamAV | - | - | - |
| DrWeb | - | - | - |
| eSafe | - | - | suspicious Trojan/Worm |
| eTrust-Vet | - | - | - |
| Ewido | - | - | - |
| FileAdvisor | - | - | - |
| Fortinet | - | - | - |
| F-Prot | - | - | W32/Agent.Q.gen!Eldorado |
| F-Secure | - | - | Suspicious:W32/Malware!Gemini |
| Ikarus | - | - | Virus.Win32.Agent.GPS |
| Kaspersky | - | - | - |
| McAfee | - | - | Proxy-Agent.af.dr |
| Microsoft | - | - | Trojan:Win32/Danmec.gen!A |
| NOD32v2 | - | - | a variant of Win32/Agent.NEQ |
| Norman | - | - | - |
| Panda | - | - | - |
| Prevx1 | - | - | Heuristic: Suspicious File With Bad Child Associations |
| Rising | - | - | - |
| Sophos | - | - | Troj/Bdoor-AJR |
| Symantec | - | - | - |
| TheHacker | - | - | - |
| VBA32 | - | - | suspected of Trojan-PSW.Pinch.12 (paranoid heuristics) |
| VirusBuster | - | - | - |
| Webwasher-Gateway | - | - | Trojan.Dropper.Gen |




Posted by smasiello at 12:25 PM | 2 comments

Re: It's Google Spam! It's Video Spam! It's Malware!
I fell for it. I downloaded it. I installed it. When the icon that I downloaded to the desktop disappeared, I downloaded it again. Symantec found nothing.
Posted by sucker on April 3, 2008 at 2:42 PM

Re: It's Google Spam! It's Video Spam! It's Malware!
Find by "windows search": video_codec-v2.12.384.exe
In my case this file was hidden somewhere in c:/Windows as VIDEO_CODEC-V2.12.384.EXE-3A6500B6.pf
Find and delete... hope that's enough
Posted by sucker2 on April 3, 2008 at 4:15 PM
