Dec 7, 2010 09:58 GMT  ·  By

Security researchers warn that spam emails suggesting a joint prizes giveaway campaign from Google and Facebook eventually lead to a variant of the Zbot banking trojan.

The fake emails purport to come from “Google and Facebook team” and bear an uninspired subject of “From the Google and Facebook team.”

The contained message suggests that Google and Facebook, which have pretty much been at each other’s throats, have decided to put their differences aside and join together to give prizes away to users. The emails read:

Dear subscriber,

As you may know, the holidays are just around the corner, so all of us here at Google and Facebook decided to come together and bring you a new contest with lots of prizes, including, but not limited to, the new Google Chrome OS which will be released in January 2011, Nexus One smartphones, Google Maps GPS for your favourite mobile phone and lots more.

Think of it as our way of saying: ‘Thank you !’ for supporting our work all this time. For a chance to win, all you have to do is go to the attached page and follow the instructions.

Hope you enjoy, Google & Facebook.

Ironically enough, two of the three mentioned prizes are actually free products to begin with and all of them are from Google. We are, therefore, unsure of what Facebook is supposed to bring to the table in this imagined campaign, except for its name as lure.

The attached file is called “Google & Facebook.html” and contains obfuscated JavaScript code. When opened inside a browser it redirects to a website that serves an exe file for download.

According to security researchers from BitDefender, this file is a trojan downloader written in .NET, meaning that it requires the .NET Framework installed on the targeted system in order to run.

The original dropper installs a secondary downloader, which distributes several information stealing trojans, including Zbot.

Users are advised never to download files they didn't explicitly asked for. They should also exercise increased caution when receiving email attachments, even when they appear to originate from trusted sources.