David Heath
Thursday, 13 May 2010 14:29
A new round of targeted malware emails has been seen in the past few hours. HR teams should not open emails purportedly containing unrequested resumes.
Websense has just reported that a large number of emails have been sent to the HR departments of a variety of companies in the hope that recipients will open the attached 'resume' and become infected with the Oficla bot.
The email (a copy of which is visible at the above link) may be distinguished by the fact that it is entirely generic and makes no reference to the position being applied for.
Once installed, the malware will change the screen wallpaper and ask the user to download a (fake) AV package to repair the problem.
At the time of writing, the VirusTotal website reports that 22 out of 41 AV products will correctly identify the malware; expect the remainder to be covered within the next 24 hours.
Command & Control for the malware is handled through the sites davidopolko.ru, topcarmitsubishi.com.br, get-money-now.net, mamapapalol.com and li1i16b0.com; IT admins would be wise to block outbound connections to these sites at their proxy servers.
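Besides blocking, existing proxy logs can be searched to find machines that have already contacted these hosts. The sketch below is an added example, not code from Websense or the article: it assumes Squid's native access.log layout, and the log lines, client addresses and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# C&C domains listed in the article above.
C2_DOMAINS = {
    "davidopolko.ru", "topcarmitsubishi.com.br", "get-money-now.net",
    "mamapapalol.com", "li1i16b0.com",
}

def host_of(target):
    """Lower-cased hostname from a log URL field (full URL or CONNECT host:port)."""
    if "://" not in target:
        target = "//" + target          # lets urlsplit parse a bare host:port
    try:
        host = urlsplit(target).hostname or ""
    except ValueError:                  # malformed authority, e.g. bad brackets
        return ""
    return host.rstrip(".").lower()

def is_c2(host):
    """True for a listed domain or any subdomain of one (whole-label suffix match)."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in C2_DOMAINS for i in range(len(labels)))

def scan(lines):
    """Yield (client_ip, host) for each log line whose destination is listed."""
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue                    # skip malformed or truncated lines
        host = host_of(fields[6])
        if is_c2(host):
            yield fields[2], host

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1273760940.101 120 10.0.4.17 TCP_MISS/200 512 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
1273760941.222 340 10.0.4.23 TCP_MISS/200 2048 GET http://davidopolko.ru/placeholder/path - DIRECT/192.0.2.20 text/html
1273760942.333 80 10.0.4.23 TCP_MISS/200 900 CONNECT update.MamaPapaLol.com:443 - DIRECT/192.0.2.30 -
1273760943.444 95 10.0.4.31 TCP_MISS/200 700 GET http://notget-money-now.net/ - DIRECT/192.0.2.40 text/html
""".splitlines()

if __name__ == "__main__":
    for client, host in scan(SAMPLE_LOG):
        print(f"{client} contacted listed C&C host {host}")
```

Matching on whole DNS labels catches subdomains and mixed-case hostnames while leaving look-alike names such as notget-money-now.net unflagged.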
Carl Leonard, the Security Research Manager at Websense, said, "HR departments are used to receiving CVs over email and this kind of malicious activity is indicative of the modern day hacker. The broad-brush approach to seeding malware is now out of favour; fraudsters know they can infect more computers, and steal more data, if they use techniques that fit the target.
"To defend against modern malware a business should have comprehensive content security protection that moves in tandem with the ever advancing cybercrime community. A business seriously needs to consider a solution that will provide it with real time security across multiple platforms. This is the only way to mitigate the threat of the modern day cyber criminal."