Published February 27, 2015
Reports of "Craigslist résumé" viruses have skyrocketed in recent months. Some of our clients here at New River Computing have unfortunately fallen victim to this recent outbreak. Thankfully, we've been successful at cleaning up the aftermath, but often the remediation process is long and arduous due to the sophistication of the malware.
This particular malware campaign has been enjoying a fair bit of success because the attacks are specifically aimed at businesses that use Craigslist for job recruitment. Cyber-criminals search for job postings, then send a fake response to the ad with the attached résumé (often in the form of a Word document) which serves as the delivery method for the virus. Once the message is read, the user, thinking the sender is a legitimate job applicant, opens the attached “fake résumé” file, triggering the malware to install and compromise the computer. This particular virus associated with this malware campaign is called "Trojan-Downloader:W32/Wauchos."
Trojan-Downloader:W32/Wauchos is known to be distributed as disguised executable files attached to spam e-mail messages. If the attachment is run, the malware will attempt to contact multiple remote servers. If successfully contacted, it will then download additional malware onto the system, such as Trojan:W32/Cridex or Trojan-Spy:W32/Zbot.
No antivirus software can keep businesses 100% safe from all forms of viruses and malware. Unfortunately it takes antivirus companies an average of about six hours to update their malware definitions, once they know about the malware. Recent catch rates from top antivirus software run at best between 80% – 90%. This means that user education still remains the BEST first line of defense against malware. Be cautious and NEVER open a file that you aren’t 110% positive is from a trusted source.