We recently heard about a Trojan that uses job applications as a means for spreading malware. As our company is looking to hire more people in the coming months, our security team is worried we could be a target. Are the defenses against such targeted attacks roughly similar to those against other social engineering attacks (e.g., employee awareness), or are there other tactics we can also use?
The FBI issued a warning Jan. 19, 2011, about attacks using the Bredolab Trojan to target businesses advertising job postings. Job searching systems have been vehicles for malware attacks and phishing previously, such as in the USAJOBs attack from 2009. The best defenses against attacks using the virus-spreading Bredolab Trojan are similar to those used against other social engineering attacks or malware.
One of the recommendations in the FBI warning is to check all email attachments for viruses prior to opening them. This is sound advice when you need to open attachments from people you do not know, but, given the current state of antivirus software, you may want to ensure you are using multiple antimalware products when performing these checks to minimize the chance that targeted malware goes undetected. You may even want to have this check done automatically on the resume submission system so the resumes are scanned before users can even open the files.
There are other tactics that could be used to secure the system of the person initially receiving resumes. Some potential defenses include automatically converting files to different formats, such as Word documents to PDFs and PDFs to JPGs. Converting the document to a different format can prevent, for example, an attack from exploiting a flaw in Word because the file will be running in your PDF reader, or an attack on your PDF reader because the file will be running in your image viewer. Once the converted resume has been manually reviewed, the original source could be used with caution. Also, for businesses that search resumes for keywords prior to review, the parsed document could be used for the initial review before using the original source. You could also open files on a terminal server or virtual machine to determine whether any particular file is malicious, as this would prevent it from having access to the local system or, potentially, to the network, should it be infected with malware.
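The following added example, which is not part of the original answer, shows one way a resume intake system could choose the conversion route described above: it identifies each upload from its content rather than its file name, quarantines anything unrecognized or mislabeled, and builds the LibreOffice (`soffice`) or Poppler (`pdftoppm`) command to run in a disposable VM. The directory paths, the strict extension-match policy and the function names are assumptions.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy Word .doc (OLE2) header
INCOMING = "/srv/resumes/incoming"    # assumed path inside the sandbox
CONVERTED = "/srv/resumes/converted"  # assumed path inside the sandbox

def sniff(data: bytes) -> str:
    """Identify the real format from content, not from the submitted name."""
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(OLE_MAGIC):
        return "doc"
    if data.startswith(b"PK\x03\x04"):  # ZIP container: check it is really Word
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return "unknown"
        if "word/document.xml" in names:
            return "docx"
    return "unknown"

def plan(filename: str, data: bytes):
    """Return (decision, argv) for one upload; argv is run in a disposable VM."""
    kind = sniff(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if kind == "unknown" or ext != kind:
        return "quarantine", []  # unrecognized, or content contradicts the name
    src = f"{INCOMING}/upload.{kind}"  # server-chosen name, never the sender's
    if kind == "pdf":  # PDF -> JPG, so the reviewer opens it in an image viewer
        return "convert", ["pdftoppm", "-jpeg", "-r", "150", src, f"{CONVERTED}/upload"]
    # Word -> PDF, so the reviewer opens it in a PDF reader instead of Word
    return "convert", ["soffice", "--headless", "--convert-to", "pdf",
                       "--outdir", CONVERTED, src]

def sample_docx() -> bytes:
    """Constructed sample: a minimal ZIP holding word/document.xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {"cv.pdf": b"%PDF-1.4\n", "cv.docx": sample_docx(),
               "resume.pdf": OLE_MAGIC + b"\x00" * 8,  # Word content named .pdf
               "cv.exe": b"MZ\x90\x00"}
    for name, blob in samples.items():
        print(name, *plan(name, blob))
```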