Job application e-mails carry banking Trojan

The FBI-backed Internet Crime Complaint Center (IC3) has issued a warning yesterday about the rise in Automated Clearing House fraud aimed at businesses across the country.

The cyber criminals target businesses who have recently placed job postings on employment websites, and sneak malware in the computers by seemingly sending job applications with attached CVs to the e-mail address identified in the posting.

Unfortunately for the victims, the attached CVs are actually variant of the Bredolab Trojan. Once the attachment is unzipped and the Trojan installed, it secretly downloads information-stealing malware – usually a Zeus Trojan variant – on the target computer.

In one particular case presented by IC3, a US business was defrauded of $150,000 when the attackers managed to obtain the online banking credentials of the person authorized to conduct financial transactions within the company, and sent the aforementioned money to three accounts – one in the Ukraine and two in the US – via wire transfer.

According to SonicWALL, a campaign like that was launched back in July 2010, with the e-mail taking the following form:

Along with the warning, the FBI recommends running a virus scan prior to opening any e-mail attachments and that businesses use separate computer systems to conduct financial transactions.