Google Job Application Phishing Email

Posted on February 1st, 2010 by Ryan Spanier

GSA Reference Number: AD100201-01

Simply Put: A fraudulent email is currently circulating that appears to be from Google in response to a job application.  The email scam informs recipients that their application has been received and that it is attached in a zip file.  The zip file contains a malicious executable that is identified as a Trojan downloader.

Attack Details: The email appears to be from Google, and its subject line reads “Thank you from Google!”  The email also includes a zip file attachment containing a malicious executable.  The file name appears to be something similar to “document.htm,” but in reality it uses trailing spaces and is “document.htm                 .exe,” according to the Websense advisory.  The padding pushes the real extension out of view in file listings that truncate long names.  The executable has some coverage on VirusTotal, with 10 of 40 different vendors recognizing it as malicious in some way.  Microsoft’s antivirus engine places the malware in the Prolaco family.  An image of the phishing email can be found in the Websense Advisory.

Countermeasures: Users should be notified of the email immediately and instructed to delete it.  Any currently infected machines should be removed from the network and the necessary incident response measures enacted.  Gladiator has added recognition patterns to our eShield email service to deny emails matching the current phishing scheme and will continue to block sites at the firewall if they are found to be hosting this scam.
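As an added illustration (not Gladiator's eShield patterns and not code from the Websense advisory), the following Python sketch shows one way a mail filter could flag zip attachments whose member names hide an executable extension behind whitespace padding, as described under Attack Details. The extension list, the function names and the sample archive are assumptions constructed for this example.

```python
import io
import re
import zipfile

# Assumption for this sketch: extensions treated as directly executable on Windows.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

# A decoy extension, a run of whitespace, then the real extension at the end
# of the name, e.g. "document.htm<spaces>.exe".
PADDED_DOUBLE_EXT = re.compile(
    r"\.(?P<decoy>[A-Za-z0-9]{1,5})\s+(?P<real>\.[A-Za-z0-9]{1,5})$"
)

def suspicious_members(zip_bytes):
    """Return (member name, decoy ext, real ext) for padded executable names."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Only the final path component matters for what the user sees.
            base = info.filename.rsplit("/", 1)[-1]
            match = PADDED_DOUBLE_EXT.search(base)
            if match and match.group("real").lower() in EXECUTABLE_EXTS:
                hits.append((info.filename,
                             "." + match.group("decoy").lower(),
                             match.group("real").lower()))
    return hits

def build_sample_zip(names):
    """Build an in-memory zip with harmless placeholder content (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed placeholder content")
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: one padded name in the style the advisory describes,
    # plus two ordinary members that must not be flagged.
    sample = build_sample_zip(
        ["document.htm" + " " * 17 + ".exe", "resume.pdf", "notes.txt"]
    )
    for name, decoy, real in suspicious_members(sample):
        print(f"flag: {name!r} displays as {decoy} but is really {real}")
```

The check targets only the whitespace-padding trick; an unpadded double extension such as "document.htm.exe" or a bare executable in the archive needs a separate attachment policy.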
