Google applicants targeted by phony job application response

People who have applied for a position at Google are in danger of being duped by a malicious email purporting to come from Google, thanking the recipients for sending in their CV and asking them to review their application found in the attachment:

While this email presents comparatively little danger to people who haven’t applied for a job at the dot com giant, the lack of spelling and grammatical errors usually present in malicious emails and the simple but legitimate look of the message might fool those who HAVE contacted Google for a position.

Websense warns that the attached CV-20100120-112.zip file contains a malicious payload that, so far, doesn’t get detected by most anti-malware solutions. When unzipped, the file looks rather suspicious, and the knowing user could notice that it is actually an executable – even though the criminals tried to make it look like an .htm file by putting a lot of spaces in between the fake and real extension.




Share this