Select Website 

Recruitment Directory's Blog - Australia's #1 Recruitment Technology Blog!

Back to Menu Back to Menu

Please review my CV - Trojan Horse

Posted By: Thomas Shaw, 10:31pm Tuesday 11 May 2010    Print Article

Do you virus scan all candidate resumes and other documents before you open them? Chances are YOU may be the perfect candidate these people are looking for.

I have seen a number of these emails this week targeting recruiters. The email sender and contents looks legit and it is a very simple message saying "please review my CV" accompanied by an attachment with the word "resume" in it.

Guess what. When you open the ZIP attachment, you come across another file which looks like it is the candidates resume. But it is actually an executable program (exe) containing a trojan horse called "trojan.sasfis".

The email (and attachment) is not immediately picked up by anti virus software until you extract or run the executable program within the ZIP file.

The virus has been around for a few months and can allow an outside attacker access to personal information or other stored data on the affected computer.

Trojan.Sasfis can compromise the computer that it is installed on allowing a remote attacker to gain access. Trojan.Sasfis should be removed immediately after detection to limit further destruction. You can read a summary and technical details of the threat here.

UPDATE 13/5/2010 Websense Security Labs have confirmed the malware spam "Please review my CV, Thank you!". You can read the full assessment here.








Article URL: http://www.recruitmentdirectory.com.au/Blog/please-review-my-cv-trojan-horse-a363.html

Article Tags: virus resume job board recruitment website antivirus software resume virus security trojan horse trojan sasfis candidate resume

Comments Hide Comments (3)

Feel free to join in on the conversation. All comments are moderated before publishing. Comments posted by subscribers don't necessarily reflect the views of Recruitment Directory.

akz (11:15pm Tuesday 11 May 2010)

Got one of these today. Didn't feel right, so ran anti virus scan on it. Luckily did not open up the zip file.

There are also a few going round where the Resume is an HTML file - also worth double checking those. Be aware!
DmitryK (10:45am Wednesday 12 May 2010)

Sometimes people setup their antivirus software not to scan archives (zip, rar etc) for various reasons (e.g. performance). In order to be fully protected, please make sure you DO scan these files. The bad guys (sending "resume" in a zip file) were hoping just for this sort of situation.

Also if you received a file, which you are not 100% sure about - use a free service provided by VirusTotal http://www.virustotal.com to scan this suspicious file before opening it. VirusTotal have multiple antiviruses available for you to scan this file automatically in parallel to provide you with an aggregated result on a single web page.
Neil (11:30pm Wednesday 12 May 2010)

I got one too, I just deleted it. It looked suspect because it was delivered to my personal email account and it wasn't even addressed to me!
Your Name: * Required
Your Email Address: * Required
Website URL:
Comments: * Required
Refresh
Enter the code you see in the image above (case sensitive). Click on the image to refresh it.
 


Back to Menu Back to Menu



Random Blog Articles

How secure is your Recruitment website? DDoS Attacks
Published: 11:58am Tuesday 17 November 2009

Taking your job search to the next level with Social Networking
Published: 3:29pm Thursday 23 April 2009

Inspecht releases 21st Century Recruiting eBook
Published: 4:30pm Thursday 18 December 2008

Hide recruiter job adverts? No thanks
Published: 1:29pm Thursday 18 December 2008

TribeHQ is coming
Published: 11:50pm Tuesday 27 January 2009