A new spam campaign has been discovered spoofing job-application-related emails. While most spammed messages have been known to take advantage of a specific occasion, a holiday, or even a currently newsworthy item, spammers have hit a new low with this scheme.

The sample in Figure 1 contains a short body text that says “Please review my CV, Thank you!” The email also comes with a .ZIP file attachment. Once opened, the .ZIP file executes a malicious .EXE file named Resume_document_589.exe, detected by Trend Micro as TROJ_OFICLA.AB. When executed, it drops its component file, TROJ_DLOADR.SMVE, onto users’ systems. This was found to be the same downloader found in a similar spam run.

Job spam is no longer a novel enticement to lure users into malicious tactics. While the one-liner in the body text may be far from convincing to the more experienced user, first timers who chance upon the spam may still unwittingly open the attachment out of mere curiosity. Recipients are thus advised to constantly exercise caution when opening email messages and when executing file attachments.

Trend Micro™ Smart Protection Network™ protects product users from this attack by preventing the spammed messages from even reaching users’ inboxes via the email reputation service and by blocking access to malicious sites and domains that host malware-ridden files via the Web reputation service. It also prevents the download and execution of the related malware, TROJ_OFICLA.AB and TROJ_DLOADR.SMVE, on affected systems via the Trend Micro file reputation service.

Non-Trend Micro product users can also stay protected from similar attacks by using eMail ID, a free tool that uses a two-step verification process to help users quickly find legitimate messages in their inboxes.