A virus that targets Craigslist job postings has been on the rise recently. This particular malware campaign has been enjoying a fair bit of success because the attacks are specifically aimed at businesses that use Craigslist for job recruitment. Cyber-criminals search for job postings, then send a fake response to the ad with a résumé attached (often in the form of a Word document). This type of social engineering is also applied to other job posting platforms where HR executives are expecting emails from potential recruits.
How It Spreads
First, an email is sent to the HR department in response to a job posting, with an attachment titled “resume.doc” or something similar. As HR is expecting resume emails, the chances of the email being opened are very high. The virus will also spread itself quickly to the infected HR user's contacts list. The particular virus associated with this malware campaign is called “Trojan-Downloader:W32/Wauchos”.
How It Works
The virus needs to be executed by enabling the macros in the Word document attached to the email. Since Word no longer runs macros by default, the hackers have to trick the recipients into running it. Here is how they do it
As always, we advise clients to take a layered approach when it comes to security, as no single method will guarantee complete security by itself. Here are a few approaches you can take to protect yourself against this or any other malware.
Anti Virus (AV)
The simplest method is engaging an AV that blocks the virus when it runs and tries to do funny stuff to your computer. Of course, for an AV to be effective, it has to be constantly checked and updated. If you are still on a legacy AV where you need to check and update each one manually, you may want to consider switching to our best-in-class Managed AV, where the AV health status is available at a glance and updates are managed in real time to ensure a secured AV network.
Anti Spam (AS)
Sometimes there are what we call zero-day attacks, where the malware has just been created and no AV vendor is able to detect it. When that happens, we need to stop the virus from entering your network by blocking it with an email filtering service such as Total Email Protection. Any suspicious emails picked up by the AS are held in a special quarantine area and require your permission before they are released. Another benefit of using an AS is increased employee productivity, as it removes unnecessary spam.
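As an added example (not part of the original article and not how any particular product works), here is a minimal Python check that a mail filter could run on a résumé attachment to decide whether it carries Word macros and should be quarantined. The function names and sample files are constructed for illustration, and the legacy `.doc` check is a byte-pattern heuristic rather than a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc (OLE2) signature
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # stream name inside a VBA project


def has_macros(data: bytes) -> bool:
    """Return True if Word attachment bytes appear to carry a VBA project."""
    if data.startswith(OLE_MAGIC):
        # Heuristic for legacy .doc: directory entry names are UTF-16LE.
        return VBA_STREAM in data
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # .docx/.docm keep macros in a part named vbaProject.bin.
                return any(n.lower().endswith("vbaproject.bin")
                           for n in zf.namelist())
        except zipfile.BadZipFile:
            return True  # unreadable container: fail closed
    return False


def triage(data: bytes) -> str:
    """Decide what a mail filter should do with one attachment."""
    return "quarantine" if has_macros(data) else "deliver"


def sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like a Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {  # all constructed, not real attachments
        "resume_clean.docx": sample_ooxml(False),
        "resume.docm": sample_ooxml(True),
        "resume.doc": OLE_MAGIC + b"\x00" * 64 + VBA_STREAM,
    }
    for name, blob in samples.items():
        print(name, "->", triage(blob))
```

A résumé has no reason to contain macros, so quarantining every macro-bearing attachment sent to a recruitment mailbox costs little.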
A firewall is key to many companies’ security for detecting and blocking suspicious traffic across the network. Say, for example, you want to block Dropbox from being used on the company’s network (which you should); the firewall will block all traffic to and from Dropbox. The same can be applied to the traffic that the malware uses to communicate with its headquarters.
By educating and updating the employees on the dos and don’ts, you can significantly reduce the risk to the company’s IT network. In this case, when you open the Word document and are asked to enable macros, that should raise an alarm that this is not a normal resume email. You should either call the sender directly or delete the email. There will still be momentary lapses in an employee’s awareness, which create an opportunity for the malware, so it is best to have the other approaches in place to reduce that chance.
At Blazon Technologies, we specialize in protecting our clients’ networks and data, ensuring they can keep running their business even if disaster strikes them. To find out how we can help you with your security and protection, contact us for more information.