Malicious Google Job Application Response

Posted on Monday, February 01, 2010 @ 14:53:53 PST in Security: Websense
by Raven

Websense Security Labs(tm) ThreatSeeker(tm) Network has discovered a new malicious spam campaign that spoofs Google job application responses. The messages look very well written and are so believable that they are probably scrapes from actual Google job application responses. Typically, spam has grammatical errors or spelling mistakes that make the messages obviously unofficial and act as red flags. The text of these messages, however, has no such mistakes, making them much more believable--especially if the target really has applied for a job with Google.

The From: address is even spoofed to fool victims into believing the message was sent by Google. The messages have an attached file called CV-20100120-112.zip that contains a malicious payload. This is where the message gets suspicious, because the contents of the .zip file have a double extension ending with .exe. The attackers attempt to hide the .exe extension by preceding it with .html or .pdf, followed by a number of spaces and then the .exe extension. The .exe file (SHA1:80366cde71b84606ce8ecf62b5bd2e459c54942e) has little AV coverage at the moment.

To view the details of this alert Click here
 
 
click Related        click Share
 
 
Associated Topics

Internet


Security
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 369,967,855
  • Today: 14,881
Server InfoServer Info
  • Oct 23, 2018
  • 04:16 am PDT
 
 

Daily Inspiration