Fake Resume E-mail Distributing Rogue Anti-Virus
Security firms, including Sophos and Websense, have issued a warning about dubious e-mails that allegedly target human resources employees. The e-mails carry zip files which, when opened, infect the user's computer with a fake anti-virus program.
The report from Websense Security Labs says that the zip file contained in the message is an executable malware file that directs the user to the Oficla bot. For its command and control functions, it establishes a link with a URL hosted on the davidopolko.ru domain. It also connects to the domains get-money-now.net, topcarmitsubishi.com.br, li1i16bo.com and mamapapalol.com.
Once the malware is downloaded, it pops up a warning message informing users that a Trojan has infected their computer. After this, a rogue anti-virus, "Security essentials 2010", is downloaded and installed on the system.
Some attachments masquerade as picture files, which might trick some unprotected users into opening the e-mail attachment. Websense says it has observed over 230,000 samples in a span of just 4 hours, and the number is rapidly increasing.
Graham Cluley, Senior Technology Consultant at Sophos, confirmed the attack. He said that a malware campaign created to infect computer users worldwide is currently in circulation, according to news published by infosecurity.com on May 12, 2010. He further warned staff to be watchful for unsolicited e-mails that appear to carry an attached CV/resume.
Cluley highlighted some of the basic characteristics of these short and to-the-point e-mails. The subject line is "New Resume" and the attached file is Resume_document_459.zip. The body of the e-mail says, "Please review my CV, Thank You!"
Cluley further said that if the attached file Resume_document_459.zip is opened, the user's Windows PC might face the risk of malware infection. Sophos detects the malware in this case as Mal/EncPk-NS and Troj/Invo-Zip.
According to security experts, similar malicious messages can also be received by people who are not involved in employment matters in any way. To avoid these attacks, users should not download or open the malicious e-mail attachment.
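The lure traits Cluley lists (subject, body text, zip attachment) can be checked at a mail gateway before the message reaches a user. The following Python is an added example, not code from Sophos, Websense or the original article; the extension list, the scoring, the example.com addresses and the name of the file inside the zip are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Lure traits quoted in the article.
LURE_SUBJECT = "new resume"
LURE_BODY = "please review my cv"
# Assumption: extensions treated as Windows-executable for this example.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def zip_executables(data):
    """Names of executable members inside a zip; [] if it is not a zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXTS)]
    except zipfile.BadZipFile:
        return []

def score_message(raw):
    """Return (score, reasons) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if LURE_SUBJECT in (msg["Subject"] or "").lower():
        reasons.append("subject matches lure")
    body = msg.get_body(preferencelist=("plain",))
    if body and LURE_BODY in body.get_content().lower():
        reasons.append("body matches lure")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            # Inspect the archive listing only; nothing is extracted or run.
            for member in zip_executables(part.get_payload(decode=True)):
                reasons.append(f"zip contains executable: {member}")
    return len(reasons), reasons

def build_sample(member_name):
    """Constructed test message; the zip member holds inert placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"inert placeholder")
    msg = EmailMessage()
    msg["Subject"] = "New Resume"
    msg["From"] = "applicant@example.com"
    msg["To"] = "hr@example.com"
    msg.set_content("Please review my CV, Thank You!")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Resume_document_459.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    # Constructed member name imitating a picture file with a hidden .exe suffix.
    print(score_message(build_sample("Resume_document_459.jpg.exe")))
```

Matching on the archive's contents rather than the subject line alone keeps the check useful when the wording of the lure changes.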
» SPAMfighter News - 22-05-2010