McAfee Labs

Fake Resume Spam Leads to Malware Infection

By on Jun 30, 2010

We just noticed a new wave of fake resume spam that redirects users to a malicious site. We see the resume pages were uploaded to innocent sites in top-level domains of various countries, perhaps in an attempt to internationalize the spam campaign.


The pages contain a small piece of obfuscated JavaScript code that translates into a malicious URL when decoded.

JS 1

JS 2

This malicious domain is also related to other domains that were used in a fake YouTube malware campaign and a Zeus control server. So keep this in mind next time you click on that $100k job offer or suspicious job application from an anonymous sender. McAfee SiteAdvisor technology can help protect users from these kinds of threats.


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>