‘Resume’ Malware Targets Hiring Departments

As if job growth in the U.S. weren’t weak enough, there’s a new reason to deter businesses from hiring.
Source: SecurityNewsDaily

Companies now have to be on the lookout for malware hidden in job applications, warns the federal government’s Internet Crime Complaint Center (IC3).

“Recently, more than $150,000 was stolen from a US business via unauthorized wire transfer as a result of an e-mail the business received that contained malware,” reads the official warning, posted Wednesday (Jan. 19).

The warning doesn’t offer much detail about how the scam worked, but the San Jose-based security company SonicWALL posted the nitty-gritty about a similar attempt in July.

It was pretty simple: The miscreant sent an e-mail responding to an online job ad, and, as is often required, added his resume as an attachment.

But instead of the resume being a regular Word file with a file extension of “.doc” or “.docx,” the attachment had an “.exe” file extension. In other words, it was an application.

Such a scam would be easy to spot, except that Microsoft ships Windows with default settings to hide file extensions.

So to Joe or Jane Personnel Manager, the malware would just look like “Resume” or something similar. If he or she were to double-click on it, the application would install the Bredolab Trojan, which burrows deep into a PC’s operating system.

The incident in the IC3 report matches that description. The malware “allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company. The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine and two to domestic accounts.”

According to Robert McMillan of IDG News Service, the people behind this “often target small businesses that use regional banks or credit unions, which often don't have the resources to identify and block the fraudulent transfers.”

He recommends that businesses stop asking for attachments and instead request plain-text resumes, and that, if they have doubts about a Word file, they open it in Google Docs.

The IC3 and FBI suggest that virus scans be run on all e-mail attachments, and that businesses handle financial transactions on computer systems separate from those used for daily office tasks.

SecurityNewsDaily has an additional recommendation: All Windows users should go into Control Panel, select “Folder Options,” click the View tab and uncheck the box labeled “Hide extensions for known file types.”
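A mail gateway or help-desk script can catch the mismatch described above before anyone double-clicks. The following is an added example, not code from the article, IC3 or SonicWALL: it parses an e-mail, shows each attachment's name as Explorer would display it with extensions hidden, and flags attachments that are executable by extension or by content. The addresses, extension list and sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

def inspect_attachments(raw_message: bytes):
    """Return (filename, name_with_extension_hidden, reasons) per suspicious attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        path = PurePosixPath(name)
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if path.suffix.lower() in EXECUTABLE_EXTS:
            reasons.append("executable extension " + path.suffix.lower())
        # Windows programs begin with the bytes 'MZ' whatever the file is called.
        if payload[:2] == b"MZ":
            reasons.append("content starts with 'MZ' executable header")
        if reasons:
            findings.append((name, path.stem, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed sample: a reply to a job ad carrying three attachments."""
    msg = EmailMessage()
    msg["From"] = "applicant@example.com"
    msg["To"] = "hr@example.com"
    msg["Subject"] = "Application for posted position"
    msg.set_content("Please find my resume attached.")
    stub = b"MZ" + b"\x00" * 62  # placeholder bytes, not a working program
    msg.add_attachment(stub, maintype="application", subtype="octet-stream",
                       filename="Resume.exe")
    msg.add_attachment(stub, maintype="application", subtype="msword",
                       filename="Resume.doc")  # executable content, document name
    msg.add_attachment("Plain-text resume body", filename="resume.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, shown, reasons in inspect_attachments(build_sample()):
        print(f"{name!r} (shown as {shown!r}): " + "; ".join(reasons))
```

The content check matters because an extension test alone misses an executable that has been given a document name.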