Hackers Respond To Help Wanted Ads With Malware

itwbennett writes "The FBI issued a warning Wednesday about a new twist on a long-running computer fraud technique, known as Automated Clearing House fraud. With ACH fraud, criminals install malware on a small business' computer and use it to log into the company's online bank account. In this latest twist on the scam, the criminals are apparently looking for companies that are hiring online and then sending malicious software programs that are doctored to look like job applications. One unnamed company recently lost $150,000 in this way, according to the FBI's Internet Crime Complaint Center. 'The malware was embedded in an e-mail response to a job posting the business placed on an employment website,' the FBI said in a press release. The malware, a variant of the Bredolab Trojan, 'allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company.'"

Re:so HR will just open any file? or is a word mac

[fuzzyfuzzyfungus]

I'm guessing that that is why they are hitting small businesses...

Stole from the company?

[AK+Marc]

I'm confused. If I walk up to a bank, write a with withdrawal in someone else's name, then hold up the bank ordering them to honor that withdrawal slip, did I steal from the bank, or from the person who's name I forged on the withdrawal slip?

Identity theft and "unauthorized access" and taking the money from an account holder is as absurd as a bank getting robbed and taking it from the last deposits made to the bank and not from their general coffers. It was never done that way before, so why is it done that way now?

How small is small?

[stomv]

If we are talking "small business" 'HR' is likely the owner or one of his immediate subordinates checking his email in what is otherwise(from an IT setup) disturbingly like a home environment.

A common mistake is to assume that in tUSA, "small business" means "mom and pop." In fact, the Small Business Association (SBA) defines a business as small based on number of employees, and though it depends on industry, it typically is 500 (source).

It's true that, by sheer quantity, most businesses are small. There's only 500 Fortune 500 companies, but a zillion hot dog stands. In terms of number of employees or revenue or profits or any other number of factors, many small businesses aren't so small after all.

Re:so HR will just open any file? or is a word mac

[EETech1]

My old boss moved back home and worked out a spiffy job doing govt contracts and he had 4 others working for him at the time, and I was considering being the 5th, so I went down to interview and work there for a week training his new people, and he told me proudly that he was the resident IT professional as well, and I warned him that he should be hiring someone to do that full time, he seemed offended.

The next day, I introduced him to BackTrack and we decided to take some time and try to hack his network. Needless to say we were in his WEP secured network within 5 minutes, and within 15 minutes more we were happily browsing files on the Drobo connected to his laptop in his office!

I then went back to my hotel around the corner, and was easily able to see his network traffic from the hotel network, and grab his emails and other communications with wireshark!

I didnt take the job, so the IT guy was employee #5, and he spent weeks removing all the crap he found!

Cheers!

Re:so HR will just open any file? or is a word mac

[0100010001010011]

Have you met anyone from HR?

You could name it NotAVirus.jpg.zip.exe, send it to them with a "My Resume" subject and it'd almost guarantee being opened.