jheary
Distinguished Systems Engineer

Spammers Kick Job Seekers While They Are Down

Analysis
Mar 14, 20093 mins

Yet another malicious email outbreak is soaring around the Internet. This one is specifically targeting those that are job hunting. The email messages masquerade as job offers or responses to job inquiries. The goal of the email is to social engineer the victim into clicking on a malicious attachment. Given the unemployment rate these days, the attack is enjoying a high rate of success. This particular email virus is using Coca-Cola’s™ massive worldwide brand recognition to prey on their victims. One form of the email that appears to come from Coca-Cola™ purports that Coca-Cola™ is undergoing massive hiring for all sorts of positions. Here is a text sample email (from IntelliShield Alert):

Subject Line: Job offer from Coca Cola! Message Body: COCA COLA IS BECOMING THE WORLD’S SECOND LARGEST COMPANY. We are hiring! Are you out of job? Your current job isn’t paying enough? You don’t have proper eductaion for high positions? At Coca Cola everything is possible! We have the budget to hire anyone from any country where our company is present. All you need to do is fill out the form we have attached and get ready to bring your career to the next level and triple your current salary! Our company offers excellent benefits such as 60 days paid vacation, company car, health insurance for you and for your family, option to work from home and friendly work environment. We have open positions in Sales, Marketing, Information Technology, Accounting, Logistics, Engineering, Quality Assurance and much more. None of the positions require any kind of education or work experience! Sign Up The trademarks listed are owned or used under license by The Coca-Cola Company and its related affiliates. These trademarks may be owned or licensed in select locations only. 2009 The Coca-Cola Company, all rights reserved.
The malicious email attachment is a variant of the Vundo family of Trojans and the Ackantta family of worms. The malicious code starts up its own SMTP server, grabs your contact list, and starts sending itself to all you friends. It may also contact websites to download further code, install malevolent security applications, or turn the PC into a Bot. The Ackantta family of worms also propagates by creating and copying itself to the RECYCLERS-1-6-21-2434476521-1645641927-702000330-1542 directory on all removable/USB drives. It then uses the common attack vector of autorun.ini to infect the next victim. If you haven’t done so already be sure to turn off autorun on your PC all of the new bugs are using it to sting you!

The opinions and information presented here are my personal views and not those of my employer.

More from Jamey Heary: Credit Card Skimming: How thieves can steal your card info without you knowing it Cisco enters the crowded AV and DLP client marketCisco’s new ASA code allows you to securely take your Cisco IP Phone with you anywhereCisco targets Symantec, McAfee with its new antivirus client Google’s Chrome raises security concerns and tastes like chicken feet a>Go to Jamey’s Blog for more articles on security.

*

*

*

*

*

jheary

Jamey Heary, CCIE #7680, is a Distinguished Systems Engineer at Cisco Systems. Jamey sits on the PCI Security Standards Council- Board of Advisors where he provides strategic and technical guidance for future PCI standards. Jamey has authored several security books, his latest is Cisco ISE for BYOD and Secure Unified Access. He also has a patent on a new DDoS mitigation and firewall IP reputation technique. Jamey leads numerous security advisory boards for Cisco Systems and is a founding member of the Colorado Healthcare InfoSec Users Group. He is also recognized as a Distinguished Speaker at Cisco Live. He has been working in the IT field for 19 years and in IT security for 15 years.

More from this author