CV Spam Comes with a Malicious Attachment
- Wednesday, May 12, 2010, 16:42
- Threat Research
A new spam campaign has been discovered spoofing job-application-related emails. While most spammed messages have been known to take advantage of a specific occasion, a holiday, or even a currently newsworthy item, spammers have hit a new low with this scheme.
The sample in Figure 1 contains a short body text that says “Please review my CV, Thank you!” The email also comes with a .ZIP file attachment. Once opened, the .ZIP file executes a malicious .EXE file named Resume_document_589.exe, detected by Trend Micro as TROJ_OFICLA.AB. When executed, it drops its component file, TROJ_DLOADR.SMVE, onto users’ systems. This is the same downloader seen in a similar spam run.
Job spam is no longer a novel enticement for luring users into malicious schemes. While the one-liner in the body text may be far from convincing to the more experienced user, first-timers who chance upon the spam may still unwittingly open the attachment out of mere curiosity. Recipients are thus advised to exercise caution at all times when opening email messages and when executing file attachments.
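The delivery pattern described above (a .ZIP attachment whose member is an .EXE) can also be caught at the mail gateway before a recipient sees it. The following is an added example, not Trend Micro's code: the extension list, the function names and the example.com addresses are assumptions, and the sample message is constructed with an inert text payload.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy list: extensions Windows will run directly when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

def risky_zip_members(raw_message: bytes) -> list:
    """Return (attachment name, member name) for each executable inside a ZIP attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Judge by content, not by the declared filename or MIME type.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        name = part.get_filename() or "<unnamed>"
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for info in zf.infolist():
                    # Windows ignores trailing dots and spaces, so strip them first.
                    member = info.filename.rstrip(". ")
                    if os.path.splitext(member)[1].lower() in EXECUTABLE_EXTS:
                        findings.append((name, info.filename))
        except zipfile.BadZipFile:
            findings.append((name, "<unreadable archive>"))
    return findings

def build_sample(member_name: str = "Resume_document_589.exe") -> bytes:
    """Constructed message shaped like the spam described; the member is inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"inert placeholder, not a program")
    msg = EmailMessage()
    msg["Subject"] = "CV"
    msg["From"] = "applicant@example.com"
    msg["To"] = "hr@example.com"
    msg.set_content("Please review my CV, Thank you!")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="CV.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in risky_zip_members(build_sample()):
        print(f"quarantine: {attachment} contains {member}")
```

Because ZIP member names are stored in the clear even when the contents are password-protected, the same listing works on encrypted archives.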
Trend Micro™ Smart Protection Network™ protects product users from this attack by preventing the spammed messages from even reaching users’ inboxes via the email reputation service and by blocking access to malicious sites and domains that host malware-ridden