Users of Australian Recruitment Company Attacked With Resumes Containing Trojan

On June 4, 2008, the MessageLabs Researchers revealed that hackers are exploiting an option of mail forwarding used by many recruitment companies, which sends an appropriate CV to customers when a new candidate uploads his resume to the site of recruitment company.

The attackers make use of an authentic ad on an anonymous site of an Australian recruitment agency to apply for a job by filling the online form and attaching a covering letter.

MessageLabs discovered an outbound Word (RTF) document from the recruitment firm (company's name disclosed) which also included an attached PDF file, containing information of an applicant applying for the post of accounts officer. But it contained a harmful executable software made to open user's computers for back-door Trojan attacks.

If the recipient clicks on the PDF file, nothing happens on the screen, but in the background the harmful file installs itself on the system and left a window open for attackers to invade corporate details.

Unfortunately, the attackers are trying to break the trust between companies and recruiter. The recruitment company has been restricted from auto forward the mail, which is sent to every member looking for qualified candidates and appeared to have come from an authentic source.

The MessageLabs Spokesperson said that there is a possibility of danger who has established that option. As a company sign up for the service of not to receive threats, a possibility of getting a clean mail increases.

This method is a modification of earlier scams. In September 2007, MessageLabs noted an increase in attacks aimed at businesses by forwarding C-level employees mails appearing to be from recruitment companies. The mails also contained the same RFT documents that were fixed with harmful screen saver files.

The researches also revealed that the perfect attacks are a zero-day attacks accessing rootkit-cloaked Trojan sent to a HR manager, who, because of policy of company, is bound to open the document.

The Spokesperson also added that these are scary cases as it is hard to safeguard against them. He also said that they have to use OFFICE, EXCEL, POWERPOINT and RTF files. He advised that it clearly depicts the signature based anti-virus is not sufficient. There should be more advanced technology.

Related article: Users Making Opening Online Accounts To Identify Thefts

» SPAMfighter News - 6/26/2008