Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Fake Resume E-mail Distributing Rouge Anti-Virus

Security firms, including Sophos and Websense, have issued a warning about dubious e-mails that allegedly target human resources employees. The e-mails supposedly carry zip files, which when opened, infect user's computer with fake anti-virus.

The report from Websense Security Labs says that the zip file contained in the message is an executable malware file that directs the user to Oficla bot. For its command and control functions, it establishes link with a URL hosted by davidopolko.ru domain. Besides, get-money-now.net, topcarmitsubishi.com.br, li1i16bo.com and mamapapalol.com are the other domains it connects to.

Once the malware gets downloaded, it pops up a warning message that informs users that a Trojan has infected their computer. After this, a rouge anti-virus "Security essentials 2010" gets downloaded and installed on the system.

Some attachments are masqueraded as picture files that might trick some unprotected users to open the e-mail attachment. According to Websense, it has observed over 230,000 samples in a span of just 4 hours, and it is rapidly increasing.

Senior Technology Consultant at Sophos, Graham Cluley, confirmed the assault. He said that a malware campaign created to infect computers users worldwide is currently in circulation, as per the news published infosecurity.com on May 12, 2010. He further warned staff to be watchful of an unsolicited e-mail appearing to be an attached CV/resume.

Cluley highlighted some of the basic characteristics of these short and to-the-point e-mails, which include - Subject line: "New Resume" and Attached file: Resume_document_459.zip. The body of the e-mail says, "Please review my CV, Thank You!"

Cluley further said that if the attached file Resume_document_459.zip file is opened, user's Windows PC might face the risk of malware infection. Sophos detected the viruses in this case as Mal/EncPk-NS and Troj/Invo-Zip.

Unfortunately, for this attack, a detection rate of just above 50% has been detected for leading anti-virus engines by VirusTotal, a malware detecting website.

According to security experts, similar malicious messages can be received by those who are not even related to employment in any way. So if users want to avoid these attacks, they should not download and open the malicious e-mail attachment.

Related article: Fake Spam Mail Announces Australian PM’s Heart Attack

» SPAMfighter News - 5/22/2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page