14 DAY TRIAL // Security researchers from antivirus vendor Sophos warn of a new wave of emails distributing a new variant of the Buzus malware, which masquerade as official communications from major websites.
Some of the rogue emails pose as a job application response from Google and purport to come from a [email protected] address.
The message contained within reads: "We just received your resume and would like to thank you for your interest in working at Google. This email confirms that your application has been submitted for an open position."
It goes on to instruct recipients to open the attached file which is allegedly a review of the submitted application.
The file, called CV-20100120-112.zip, contains an installer for the Buzus worm which spreads by sending the emails through an external SMTP server and copying itself to removable USB devices.
The malware, detected as W32/AutoRun-BHX by Sophos, is also known to create copies of itself within folders usually shared by P2P applications with names suggesting cracks for popular applications.
Other Buzus distribution emails masquerade as unread message notifications from Facebook and carry a "Facebook message.zip" file.
"You have got a personal message on Facebook from your friend. To read it please check the attachment," the rogue emails read.
Additional spoofed communications which are part of the same campaign purport to come from Twitter, hi5, Amazon and Hallmark. They look identical to a similar wave of rogue emails reported by security vendors in October last year, suggesting that the malware authors only updated the Buzus version.
"Always be suspicious of unsolicited email attachments, and ensure that your anti-virus protection is up-to-date. Malware campaigns can take different disguises and users must learn to be on their guard," warns Graham Cluley, senior technology consultant at Sophos.