GMail Unzips Password Protected Files Link
Of all the files created, all password protected, and each containing the exact same malware, only the ZIP file with a password of ‘infected’ was scanned. This suggests that Google likely isn’t using a sizable word list, but it’s known that they are targeting the password of ‘infected’. To compensate, researchers should now move to a new password scheme, or the use of 7zip archives instead of ZIP.
So I guess they are just looking for dumb phishers that use GMail. I’m betting that Venn diagram is pretty much a circle.
Still, this seems extremely user hostile and yes, evil. There’s no legitimate reason to attempt cracking a password protected file without user interaction or notification.