CareerBuilder.com Exploited, Enterprise Websites get Malware -Proofpoint

Proofpoint the security company has warned of a phishing e-mail attack that contaminates enterprises' websites with malicious software through one job search portal called CareerBuilder.com over the Internet, published thestack.com dated May 1, 2015.

This is how the attack works: when viewing job adverts on careerbuilder.com, the hacker would upload malware with the files named "cv.doc" or "resume.doc" at the time of posting applications. When the job searcher would submit his CV, one e-mail notification would get dispatched for the enterprise together with the malware file.

Thereafter, when the enterprise clicks on the e-mail notification sent mechanically from Careerbuilder.com for seeing an actually malware tainted attachment, the file exploits one familiar Word vulnerability for planting the malware onto the victimized enterprise's PC. Subsequently, the malware would link up with one C&C server that thereafter pulls down as well as extracts open one image file, introducing Sheldor a backdoor on the consumer's PC.

To execute the attack, certain effort and time is required unlike the automated malicious programs found in the wild. Its efficacy also plays with the pretty greater possibility about electronic mails carrying the malware-tainted files which their recipients would open, elaborates Proofpoint.

The e-mail attack is quite discriminate that targets many broadcasting firms, energy firms, retail stores, electric supply companies and credit unions. Apparently, the hackers concentrate on job opportunities within finance or engineering companies using the job names as "middleware developer," "business analyst" and "web developer."

Spokeswoman for CareerBuilder Jennifer Grasz has said that her company is probing how far the attack can go taking assistance of outside experts while cautioning affected clients. Marketwatch.com reported this dated May 2, 2015. Indeed, as per Proofpoint, the phishing e-mail campaign has shown somewhat marginal volume of electronic mails.

According to the security company, any other job portal which runs in the same manner as CareerBuilder too is vulnerable to the above sort of assaults.

Conclusively, in the opinion of Senior Security Analyst Ken Westin at Tripwire the security company, phishing will keep on being the most popular attack medium merely since it's so effective. Darkreading.com published this dated April 30, 2015.

» SPAMfighter News - 5/7/2015