A new spam campaign gives the phrase “too good to be true” a whole new spin: spammed messages purporting to come from Google in response to job applications. While most spammed messages take advantage of a specific special occasion, holiday, or even a currently newsworthy item, spammers have hit a new low with their latest scheme.
Taking the form of job application responses from Google, the email even sports the official Google logo with an accompanied legitimate From: address. With close-to-perfect grammar and syntax (unlike most known spammed messages), it is becoming even trickier to distinguish real email messages from fake ones. And why would users not want to believe what the message says? Google has always been commended for being a more-than-ideal workplace. Receiving word regarding a job application from the company is thus great news indeed. But is viewing a suspicious-looking email message, especially if you did not even send an application in the first place, worth infecting your computer?
The latter part of the spammed message is even more suspicious, as it asks the recipient to download a .ZIP file attachment, CV-20100120-112.ZIP, which then opens a prompt to download the file with a different name (document.doc) and a hidden extension (.EXE), detected by Trend Micro as WORM_SPYBOT.MCP.
Cybercriminals have also been known to make use of spaces to hide the real extension names of file attachments. The same technique was used in this scam, making it seem that the extension is .DOC when it is actually .EXE.
Trend Micro™ Smart Protection Network™ protects users from this kind of threat by preventing the spammed messages from even reaching their inboxes and detecting and deleting files detected as WORM_SPYBOT.MCP.
Non-Trend Micro product users, on the other hand, can also stay protected via HouseCall, Trend Micro’s highly popular and capable on-demand scanner for identifying and removing viruses, Trojans, worms, unwanted browser plug-ins, and other malware from infected systems.