A Job Applicant? Nope, It's A Malware Attack

Cybercriminals burying malicious code in responses to job postings, IC3 says

Dark Reading Staff, Dark Reading

January 20, 2011

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Cybercriminals engaging in ACH/wire transfer fraud are targeting businesses by responding via email to employment opportunities posted online, according to federal authorities.

A warning from the Internet Crime Complaint Center yesterday stated that more than $150,000 was stolen from a U.S. business via unauthorized wire transfer as a result of an email the business received that contained malware.

According to FBI researchers, the malware was embedded in an email response to a job posting the business placed on an employment website and allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company.

The malicious actor changed the account settings to allow the sending of wire transfers -- one to the Ukraine and two to domestic accounts. The malware was identified as a Bredolab variant, svrwsc.exe. This malware was connected to the Zeus/Zbot Trojan, which is commonly used by cybercriminals to defraud businesses.

The FBI recommends that potential employers remain vigilant in opening the emails of prospective employees. The agency advises running a virus scan prior to opening any email attachments, and says businesses should use separate computer systems to conduct financial transactions.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights