A targeted attack aimed at human resources departments and hiring managers in the U.S. and Europe was spotted this week -- and sent 250,000 emails during a four-hour period yesterday at the height of the assault.
TrendLabs has recently spotted an email spam campaign that contains just one line of text:
The Resume_document_589.zip file attached to the message is supposed to be the CV in question, but is actually a zipped-up malicious .exe file that drops a Trojan downloader into the victim's system.The attack had morphed today, with a modified binary, and a different subject line and email message. The theme was the same, though: a prospective application with a CV attached. A CV campaign is still ongoing right now [as of 5:30 UK time], sending to hundreds of thousands of recipients.
Most users and especially HR managers wouldn't be fooled into opening the attachment, but for those who are not familiar with this type of spam, the curiosity might prove too much.
It is good to remember that unsolicited emails should be carefully analyzed - if you're not expecting such an email, and you don't recognize the sender's name or email address, it is best to pass up on opening attachments or following embedded links.
netizens left a footprint.