14 DAY TRIAL // The Internet Crime Complaint Center (IC3), a joint project between the FBI and the National White Collar Crime Center (NW3C), has issued a warning that cybercriminals are responding to job ads with fake emails carrying trojans hidden as CVs.
In order to outline the seriousness of this threat, the center presents a case investigated by the FBI, in which a company infected in this manner ended up loosing $150,000.
The business in question posted an employment offer online and received an application via email with a CV attached.
However, the attachment actually contained a version of the Bredolab trojan, a piece of malware known to be part of pay-per-install schemes.
This particular variant was used as a distribution platform for ZeuS, a notorious and sophisticated banking trojan used to steal millions from consumers and companies alike.
The FBI says the fraudsters used ZeuS to steal the online banking credentials of the person authorized to make financial transactions for the company and used them to access the firm's bank account.
They then modified the account settings to allow wire transfers and sent money to Ukraine and other US banks.
According to data from security vendor SonicWALL, the resume spam campaign occurred in back in July 2010. A technical analysis shows the same file name as the one mentioned by the FBI.
The rogue CV is called Myresume.exe and bears a Word document icon in order to trick recipients, especially on systems where known file extensions are hidden by default.
"The FBI recommends that potential employers remain vigilant in opening the e-mails of perspective employees.
"Running a virus scan prior to opening any e-mail attachments may provide an added layer of security against this type of attack.
"The FBI also recommends that businesses use separate computer systems to conduct financial transactions," the IC3 writes in its intelligence note.