Recruitment sites, the new malware playground

Lia Timson
Thursday, 12 June 2008 08:31

IT People - Enterprise

The previously unseen plot was uncovered by web security company MessageLabs during a routine outbound mail filtering process.

The would-be hacker used a genuine vacancy advertisement on an unnamed large Australian recruitment agency’s site to apply for the job by filling in the mandatory online application form and attaching a covering letter.

The letter was produced in rich text format (RTF) and contained an embedded PDF file of, supposedly, the applicant’s resume. Instead it contained a malicious executable program designed to open the recipient’s systems to back-door trojan attacks.

As it is common with such online application forms, the recruitment agency’s system automatically generated an email and attempted to forward the attachments to the vulnerable employer.

Philip Routley, spokesman for MessageLabs, says it is the first time such tailored attempt has been identified.

“It looks like a genuine letter and has an embedded file that looks like a genuine CV in PDF. It’s a well-crafted application that wouldn’t really raise any alarm bells with a human resources person,” Routley says.

“By double-clicking on the PDF, nothing happens on the screen, but in the background the malicious file embeds itself on the PC and opens the pipe for hackers to potentially steal corporate information.”

Recent recruitment-based malware attempts were linked to unsolicited job applications sent to targeted company’s senior managers and board members. In this case, their details were harnessed from company websites and from hackers disguised as members of business networking sites (Continues on page 2).

Malware infested resume

(Continues on page 2).