Security firms warn of bogus job search emails

12 May 2010

Security vendors – including Websense and Sophos – have sent up a red flag about suspect emails targeting human resources staff. The messages apparently contain zip files that, when opened, infect users’ PCs with rogue anti-virus.

Websense Security Labs reports that the attached ZIP is an executable malware file directing to the Oficla bot. “This connects to a URL in the davidopolko.ru domain for its [command-and-control] functions”, the firm noted in a security blog posting. Once downloaded, the malware brings up a warning box telling users their machine has been infected by a trojan, followed by the download and installation of a rogue anti-virus called ‘Security essentials 2010’.

Malware tracking website VirusTotal shows a detection rate for this attack at just over 50% for the major anti-virus vendor engines.

Websense said the spam is quickly proliferating, as its security lab saw more than 230 000 samples in just four hours this morning.

Graham Cluley, Sophos senior technology consultant, warns staff to be cautious if receiving an unexpected email with what appears to be a resume/CV attached.

Cluley says the emails, which are short and to the point, have the following characteristics:

Subject: New resume
Attached file: Resume_document_459.zip
Message body: Please review my CV, Thank you!

"Hmm.. hardly the most convincing job application I've ever seen – they haven't even given any clues as to which role they might be applying for", said Cluley in his security blog posting last night. "However, you or some of your users might still be tempted to open the attached CV to see if it sheds any more clues as the point of the communication", he added.

Sophos' Cluley went on to say that, if you do make the mistake of opening the attached Resume_document_459.zip file, you run the risk of infecting your Windows computer with malware.

Sophos' research teams, he says, are intercepting the threat proactively as Troj/Invo-Zip and Mal/EncPk-NS.

“HR departments are used to receiving CVs over email and this kind of malicious activity is indicative of the modern-day hacker”, added Carl Leonard, EMEA security research manager for Websense. “The broad-brush approach to seeding malware is now out of favor; fraudsters know they can infect more computers, and steal more data, if they use techniques that fit the target.”
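A mail-gateway style check for the characteristics reported above, as an added example that is not from Websense, Sophos or the original article. The numbered-filename pattern is generalised from the single filename quoted, and the sample message, addresses and archive member names are constructed.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".com", ".pif")
# Assumption: the campaign varies the number; the article quotes only _459.
NAME_RE = re.compile(r"^Resume_document_\d+\.zip$", re.I)

def zip_has_executable(data):
    """True if a ZIP member has an executable extension or starts with 'MZ'."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.filename.lower().endswith(EXEC_EXT):
                    return True
                if info.flag_bits & 0x1:      # encrypted member, cannot inspect
                    continue
                with zf.open(info) as fh:     # catches renamed PE files
                    if fh.read(2) == b"MZ":
                        return True
    except zipfile.BadZipFile:
        return False
    return False

def score_message(raw):
    """Return the list of indicators from the article that a raw email matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if (msg["Subject"] or "").strip().lower() == "new resume":
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if NAME_RE.match(name):
            reasons.append("filename")
        if name.lower().endswith(".zip") and zip_has_executable(part.get_payload(decode=True)):
            reasons.append("exe-in-zip")
    return reasons

def build_sample(member, content, subject="New resume", fname="Resume_document_459.zip"):
    """Constructed test message; the archive holds harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, content)
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "applicant@example.com", "hr@example.com"
    msg.set_content("Please review my CV, Thank you!")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=fname)
    return msg.as_bytes()
```

The executable-inside-ZIP check is the durable one: subject lines and filenames change between spam runs, while a CV archive that unpacks to a program does not need a signature match to be quarantined.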
