A few weeks ago I posted an entryabout how malicious software was using stolen personal information tosend spam which made users believe in its authenticity. Recently, we'veacquired another email claiming to come from an employer who has founda resume matching an open position in their company. Again, looking atthe job profile it seems very lucrative with slim to no work involved.
The position is that of a PayPal Account Manager. The only realrequisite for this job is the possession of a valid PayPal account witha verified bank account. The position description even mentions thatpersonal data such as one’s Social Security number and passwords arenot going to be asked for.
We recently analyzed a sample of Infostealer.Monstres, and our colleague Amado posted an interesting entrywith some details of its actions. As the analysis of this threatcontinued, new details emerged. We've been able to acquire some emailtemplates that the Trojan may use to send targeted spam to individuals,using stolen personal information.
The templates acquired all point to the same position. The job isthat of a 'Transfer Manager' at an investment company. The jobdescription states that the position would entail facilitatingfinancial transactions made by the clients of the investment company.The email looks very realistic and may convince many that it has beensent from Monster.com or Careerbuilder.com.
