‘Please look my CV’ (if you want to get infected by malware)

The “New resume” malware attack I blogged about earlier this week has put on a new raincoat and a fake beard, adopting a slightly different disguise.

The latest major spam attack wrought by hackers still pretends to be in the form of an unsolicited CV or resume, but uses slightly different wording from its previous incarnation.

Malicious email posing as a CV

A typical email reads as follows:

Subject: Please look my CV. Thank you.
Attached file: My_Resume_6213.zip or My_Resume_317.zip
Message body:

I have figured out that you have an available job.
I am quiet intrested in it. So I send you my resume,

Looking forward to your reply.

Thank you.

Presumably you wouldn’t employ this person because of their good spelling or grammar.

Of course, opening the attached ZIP file (My_Resume_6213.zip or My_Resume_317.zip) is not a good idea as despite first impressions it doesn’t really include a Curriculum Vitae, but instead carries a malware-infected file.

Sophos proactively intercepts the attack as Mal/FakeAV-BW and Mal/BredoZp-B.

Make sure your staff, including employees who work in the human resources department, are aware that the bad guys are distributing their attacks in this way, and check that you have a solid defence in place.