Today we have observed some messages which at first glance appeared to be somebody trying to correct their mistakes on the CV they sent out.
All messages had the same body text that read as follows:
Thank you for the chat yesterday, it really helped me get a clearer idea
of recruitment as well as exploring any potential opportunity.
I have just spotted a mistake on the CV I sent in which my email was incorrect.
Apologies for any inconvenience caused if you have already sent me any information on anything we discussed.
My CV is an updated!
CV with the correct email on this link: http://<censored>/mycv.doc.exe
The link was broken.
It was obvious that somebody was trying to trick people into downloading executable files disguised as CV documents but had made some mistakes in the course of doing so.
Then at a later time during the day, this was observed in quantity:
Thank you for the chat yesterday, it really helped me get a clearer idea
of recruitment as well as exploring any potential opportunity.
I have just spotted a mistake on the CV I sent in which my email was incorrect.
Apologies for any inconvenience caused if you have already sent me any information on anything we discussed.
My CV is an updated!
CV with the correct email on this link: http://<censored>/mycv.docx
It is exactly the same text body except the last line.
The link is now live, and the linked file is detected by Sophos as Mal/Zbot-U.
View full post on SophosLabs blog
Related Posts
- Osama bin Laden dead – so watch for the spams and scams
Google's top-trending Anglophone search term right now is, understandably, "osama bin laden dead". Google officially describes its hotness (you couldn't make this stuff up) as volcanic.The short versi... - Remove Antivirus Center (Uninstall Guide)
Antivirus Center is a rogue anti-spyware program from the same family as Internet Protection. This malware is installed onto your computer through the use of fake scanner pages and Trojans that preten... - Compromised ads leading to TDSS rootkit infections
As we all know, compromised sites play an important role in web distributed malware, acting as the conduit, guiding user traffic to further malicious content. Sometimes, the attackers get lucky, and s... - Data thefts far more common than just Sony and Epsilon
In the wake of the press reports concerning the recent data breaches at Sony and Epsilon, some organizations are getting the wrong idea about modern online attacks. The media largely chooses to cover ... - Be Careful If Searching For Images of Kate Middleton’s Dress
Real-world events occasionally generate a massive number of online searches. Japan's recent earthquake and the subsequent tsunami that followed is a good example of a sudden event that turned the worl... - IME Injection Evolution
Recently,we found many malwares using a smarter way to inject the specified dll into system related to IME management. Comparing to the old IME injection tricks, it is much more difficult to be discov... - FBI takes on Coreflood botnet – but is this a step too far?
Two weeks ago, the Federal Bureau of Investigation (FBI) obtained a court order in Connecticut, USA. This court order allowed the FBI to undertake an anti-cybercrime operation of a sort which had neve... - Free anti-virus for Mac named Best Anti-Malware solution at SC Awards
Who would have thought it? A free anti-virus program for Apple Macs being named best anti-malware solution ahead of those security products for boring old Windows.Well, that's exactly what happened at... - A case of malware starring Mario. or should it be Wario?
I always find it interesting to know what goes on in cyber criminals' minds.Lately I've been observing a deluge of websites being hacked and serving drive-by downloads in the form ... - infernomag.com / gtracking.org nastiness
Some sort of .htaccess hack is going on, redirecting users to infernomag.com and then on to a malicious site that looks like it's downloading a Zbot variant. It only seems to work with Internet Explor...
Posted on 03 September 2010. Tags: correct, CVor, Malware
