Google Groups distributing malware

By Ken Simpson

Spammers have begun using Google Groups as a platform for malware distribution. Here’s how it works:

  1. The spammer sets up a new group, usually with a random-looking group name.
  2. The spammer posts messages to the group from a variety of Gmail accounts, including a rich set of keywords that people are likely to search for (things like “Palin”, “John McCain”, etc.).
  3. The spammer includes a link in each posting to a web site that publishes malware.
  4. An unsuspecting Internet user who searches Google Groups for one of the common keywords (e.g. “John McCain”) stumbles upon the spammer’s postings.
  5. The user clicks on the malware link, downloads the malware, and his or her machine becomes infected.
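
A moderation-side heuristic for the pattern in steps 1 to 3, added here as an illustration and not code from the original post: it flags a group when a random-looking name, keyword-stuffed posts with off-site links, and several accounts pointing at the same host occur together. The keyword watch-list, thresholds, post field names and sample data are assumptions.

```python
import re

# Watch-list of popular search terms (assumed; the two entries are the post's examples).
BAIT_KEYWORDS = ("palin", "john mccain")
URL_HOST = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)

def looks_random(name):
    """Step 1: a generated group name tends to have very few vowels."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.2

def score_group(name, posts, allowed_hosts=("groups.google.com",)):
    """Return (score, reasons) for one group; posts are dicts with 'sender' and 'body'."""
    reasons = []
    if looks_random(name):
        reasons.append("random-looking group name")
    baited = []  # posts combining bait keywords with an off-site link (steps 2 and 3)
    for post in posts:
        body = post["body"].lower()
        hosts = {h.lower() for h in URL_HOST.findall(body)} - set(allowed_hosts)
        if hosts and any(k in body for k in BAIT_KEYWORDS):
            baited.append((post["sender"], hosts))
    if posts and len(baited) / len(posts) >= 0.5:
        reasons.append("most posts pair bait keywords with an external link")
    senders = {s for s, _ in baited}
    shared = set.intersection(*(h for _, h in baited)) if baited else set()
    if len(senders) >= 3 and shared:
        reasons.append("several accounts link to the same host")
    return len(reasons), reasons

# Constructed sample data; example.invalid is a reserved placeholder domain.
SUSPECT = ("xkqzt7vbnw2r", [
    {"sender": f"user{i}@gmail.com",
     "body": f"Palin John McCain video {i} http://downloads.example.invalid/v{i}"}
    for i in range(4)])
BENIGN = ("election-discussion", [
    {"sender": "alice@gmail.com", "body": "What did everyone think of John McCain's speech?"},
    {"sender": "bob@gmail.com", "body": "Transcript: https://groups.google.com/g/x/1"},
])

if __name__ == "__main__":
    for name, posts in (SUSPECT, BENIGN):
        print(name, score_group(name, posts))
```

A group that trips all three signals is a candidate for manual review; any single signal on its own is common in legitimate groups.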

The following link was discovered through a simple Google Groups search – warning, this page contains a dangerous link:

