Select Website 

Recruitment Directory's Blog - Australia's #1 Recruitment Technology Blog!

Back to Menu Back to Menu

Please review my CV - Trojan Horse

Posted By: Thomas Shaw, 10:31pm Tuesday 11 May 2010    Print Article

Do you virus scan all candidate resumes and other documents before you open them? Chances are YOU may be the perfect candidate these people are looking for.

I have seen a number of these emails this week targeting recruiters. The email sender and contents looks legit and it is a very simple message saying "please review my CV" accompanied by an attachment with the word "resume" in it.

Guess what. When you open the ZIP attachment, you come across another file which looks like it is the candidates resume. But it is actually an executable program (exe) containing a trojan horse called "trojan.sasfis".

The email (and attachment) is not immediately picked up by anti virus software until you extract or run the executable program within the ZIP file.

The virus has been around for a few months and can allow an outside attacker access to personal information or other stored data on the affected computer.

Trojan.Sasfis can compromise the computer that it is installed on allowing a remote attacker to gain access. Trojan.Sasfis should be removed immediately after detection to limit further destruction. You can read a summary and technical details of the threat here.

UPDATE 13/5/2010 Websense Security Labs have confirmed the malware spam "Please review my CV, Thank you!". You can read the full assessment here.








Article URL: http://www.recruitmentdirectory.com.au/Blog/please-review-my-cv-trojan-horse-a363.html

Article Tags: virus resume job board recruitment website antivirus software resume virus security trojan horse trojan sasfis candidate resume

Comments Hide Comments (3)

Feel free to join in on the conversation. All comments are moderated before publishing. Comments posted by subscribers don't necessarily reflect the views of Recruitment Directory.

akz (11:15pm Tuesday 11 May 2010)

Got one of these today. Didn't feel right, so ran anti virus scan on it. Luckily did not open up the zip file.

There are also a few going round where the Resume is an HTML file - also worth double checking those. Be aware!
DmitryK (10:45am Wednesday 12 May 2010)

Sometimes people setup their antivirus software not to scan archives (zip, rar etc) for various reasons (e.g. performance). In order to be fully protected, please make sure you DO scan these files. The bad guys (sending "resume" in a zip file) were hoping just for this sort of situation.

Also if you received a file, which you are not 100% sure about - use a free service provided by VirusTotal http://www.virustotal.com to scan this suspicious file before opening it. VirusTotal have multiple antiviruses available for you to scan this file automatically in parallel to provide you with an aggregated result on a single web page.
Neil (11:30pm Wednesday 12 May 2010)

I got one too, I just deleted it. It looked suspect because it was delivered to my personal email account and it wasn't even addressed to me!
Your Name: * Required
Your Email Address: * Required
Website URL:
Comments: * Required
Refresh
Enter the code you see in the image above (case sensitive). Click on the image to refresh it.
 


Back to Menu Back to Menu



Random Blog Articles

Jobvite Share
Published: 11:40am Monday 29 March 2010

Maximising the use of Social Networking sites for HR
Published: 11:25pm Thursday 04 June 2009

How long do you keep the candidates application for?
Published: 5:37pm Tuesday 16 March 2010

Hijacking Competitors Job Adverts
Published: 12:21pm Friday 24 July 2009

The ooops tips for job adverts Feb 2009
Published: 6:40pm Sunday 08 February 2009