McAfee Labs

Fake Resume Spam Leads to Malware Infection

By on Jun 30, 2010

We just noticed a new wave of fake resume spam that redirects users to a malicious site. The resume pages were uploaded to innocent sites under the top-level domains of various countries, perhaps in an attempt to internationalize the spam campaign.


The pages contain a small piece of obfuscated JavaScript code that translates into a malicious URL when decoded.

[Images: JS 1, JS 2]
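For analysts who want to recover such a URL without running the page, here is an added example (not the script from this campaign and not McAfee code): a static decoder that treats the script as text and unwinds a few common string-obfuscation forms. The forms handled (String.fromCharCode, unescape, \x escapes, literal concatenation), the function names and the example.invalid URL are assumptions.

```javascript
// Added example: static decoder for simple JavaScript string obfuscation.
// The sample is treated as text only; nothing in it is evaluated.
// Scope: printable characters; literals that contain escapes are left alone.
const LIT = String.raw`(?:"[^"\\]*"|'[^'\\]*')`; // quoted literal, no escapes
const CHAIN = new RegExp(`${LIT}(?:\\s*\\+\\s*${LIT})*`, 'g');
const chr = (hex) => String.fromCharCode(parseInt(hex, 16));

// \xNN and \uNNNN escapes -> the characters they stand for
const decodeEscapes = (s) =>
  s.replace(/\\x([0-9a-f]{2})|\\u([0-9a-f]{4})/gi, (_, x, u) => chr(x || u));

// String.fromCharCode(104, 0x74, ...) -> "ht..."
const decodeCharCodes = (s) =>
  s.replace(/String\.fromCharCode\(([\s\d,a-fA-FxX]+)\)/g, (_, args) =>
    JSON.stringify(String.fromCharCode(...args.split(',').map(Number))));

// "ab" + 'cd' -> "abcd". Lone literals are matched too, so the scan always
// moves past a closing quote and never pairs it with the next opening quote.
const foldConcats = (s) =>
  s.replace(CHAIN, (chain) =>
    JSON.stringify(chain.match(new RegExp(LIT, 'g')).map((l) => l.slice(1, -1)).join('')));

// unescape("%68%74") and the %uNNNN form -> decoded literal
const decodeUnescape = (s) =>
  s.replace(/unescape\(\s*"([^"\\]*)"\s*\)/g, (_, body) =>
    JSON.stringify(body.replace(/%u([0-9a-f]{4})|%([0-9a-f]{2})/gi,
      (_m, u, x) => chr(u || x))));

// Repeat the passes until the text stops changing, so nested layers unwind.
function deobfuscate(src, maxPasses = 20) {
  for (let i = 0; i < maxPasses; i++) {
    const next = decodeUnescape(foldConcats(decodeCharCodes(decodeEscapes(src))));
    if (next === src) break; // fixed point reached
    src = next;
  }
  return src;
}

const extractUrls = (src) =>
  deobfuscate(src).match(/https?:\/\/[^\s"'<>)]+/gi) || [];

// Constructed sample; example.invalid is a placeholder, not a campaign domain.
const SAMPLE = String.raw`window.location = String.fromCharCode(104,116,116,112,58,47,47)
  + unescape("%65%78%61" + "%6d%70%6c%65") + "\x2einvalid/r" + 'esume.php';`;

console.log(extractUrls(SAMPLE));
```

URLs recovered this way can be checked against reputation data or added to a blocklist without a browser ever loading the page.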

This malicious domain is also related to other domains that were used in a fake YouTube malware campaign and a Zeus control server. So keep this in mind next time you click on that $100k job offer or suspicious job application from an anonymous sender. McAfee SiteAdvisor technology can help protect users from these kinds of threats.