The correct CV (or malware masquerading as a CV...)

Filed Under: Malware, SophosLabs, Vulnerability

Today we have observed some messages which at first glance appeared to be somebody trying to correct their mistakes on the CV they sent out.

All messages had the same body text that read as follows:

Thank you for the chat yesterday, it really helped me get a clearer idea
of recruitment as well as exploring any potential opportunity.

I have just spotted a mistake on the CV I sent in which my email was incorrect.

Apologies for any inconvenience caused if you have already sent me any information on anything we discussed.

My CV is an updated!
CV with the correct email on this link: http://<censored>/mycv.doc.exe

The link was broken.

It was obvious that somebody was trying to trick people into downloading executable files disguised as CV documents but had made some mistakes in the course of doing so.

Then at a later time during the day, this was observed in quantity:


Thank you for the chat yesterday, it really helped me get a clearer idea
of recruitment as well as exploring any potential opportunity.

I have just spotted a mistake on the CV I sent in which my email was incorrect.

Apologies for any inconvenience caused if you have already sent me any information on anything we discussed.

My CV is an updated!
CV with the correct email on this link: http://<censored>/mycv.docx


It is exactly the same text body except the last line.

The link is now live, and the linked file is detected by Sophos as Mal/Zbot-U.

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s