Good CV, Bad CV

If you are a employer, you may receive lots of CVs from candidates. Generally one would just open it up and review the content? Now you better be careful the next time you receive one, because you just might have the “other” kind of CV such as the one I received today.

It came with the Microsoft Work icon, and looked just like any other word document I have seen over the years. Turned out it wasn’t, and Believe it or not, was a executable worm instead ;-).

The most important thing about this worm is that it pretends to be a microsoft word document, but it is a executable file which hides the extension of file type. Attractive, isn’t it?

In addition, when you open the CV, there is nothing displayed on your screen. Yes, nothing. Are you disappointed? You will be, because this particular CV has a nasty payload.

Without notice, the bad “CV” creates multiple copies of itself in following various paths on the local computer:


<Start Menu>/Microsoft Office Word 2003.exe

<Start Menu>/<filename>.exe



Do you get headache now? Yes, then it might be time you really hired a IT student (or get Sophos as we detect this W32/VB-DXC).

While all this doesn’t surprise me, as masquerading as a legitimate file is an *old* way to get people to click-and-run malware, it does raise an intersting point. Do malware writers expect to get legitimate jobs by providing malware as proof of expertise? I can tell you the answer will be no.

A good CV is complusory, a good CV is not a worm!

P.S -> I hope folks are enjoying their festive lunches today. Merry Christmas everyone!