CareerBuilder accidentally turns Malware builder

It is bad but kinda funny

Here is the kicker

The actual payload that is dropped on the victim’s computer once the attachment is opened, is likely to slip past defenses, because it is concealed in an image.


From the article:

When a resume is submitted, CareerBuilder automatically sends a notification email to the company that posted the ad, along with the resume attached to it.


In this particular case, when the end-user opens the email and attempts to view the attachment, the document exploits a known vulnerability in Word to place a malicious binary on the user’s system. The binary then contacts a command and control server, which downloads and unzips a image file, which in turn drops a backdoor dubbed Sheldor on the victim’s computer, Proofpoint said in a blog post describing the attack.


For more info, follow the link below:
http://www.darkreading.com/vulnerabilities---threats/careerbuilder-attack-sends-malware-rigged-resumes-to-businesses/d/d-id/1320236