The depths which cybercriminals choose to sink into for the sake of financial gain is truly appalling. In the midst of the crisis brought by the global recession, they have managed to come up with illicit schemes that target those people, who despite the desperate times are trying to get through the crisis the proper, lawful way.

Just recently, we have found spam emails posing to be from job search sites Huxley Associates and Jobs.com.

Figure 1.Sample spam email purporting to be from Jobs.com

Figure 2.Sample spam email purporting to be from Huxley Associates

The email message comes as a notification to the recipient that they did not get the job they supposedly applied for.

Figure 3.The malicious attachment

Attached to the message is a .ZIP file, stated to be a copy of the recipients’ application form. However, opening and executing it reveal that the said file is actually a worm detected by Trend Micro as WORM_PROLACO.C. This worm propagates via removable drives and P2P networks. It drops copies of itself in P2P-related shared folders using commonly searched file names of software cracks and ring tones.

In such a dire condition with job losses at every corner, prices going up, and the unpleasant pronouncement “the worst is yet to come,” people are left with no choice but to scramble for every possible job opportunity they could get. Now, what more convenient way to seek more opportunities in such a short time but to look for a job online?

But with job openings rate decreasing, competition tightens, which leads people to become desperate, and more importantly—careless. This is what cybercriminals are counting on at this point, leveraging on the current need of people for a stable job despite the rocky economic conditions. The current global crisis creates a domino effect, which triggers a human vulnerability, now relentlessly exploited by cybercriminals.

Users of the Trend Micro Smart Protection Network are protected from this threat, as both spam message and malicious file are now blocked and detected, respectively. Other users are advised to ignore such email messages, and refrain from opening file attachments from unsolicited emails.