What is it? An email claiming to be about a job application will lead the recipients to potentially unwanted installs and / or offers.
Why is it a problem? Emails from unfamiliar sources claiming to be about jobs can (in the worst case situations) often turn the recipient into a money mule, and that isn’t something you want to be getting involved with.
Do we detect it? Yes, we detect the offered installer as PUP.Optional.Bandoo (VirusTotal score: 4/50)
Here, then, is the email in question:
It reads as follows:
RE: Your Job Application
Thank you for your recent job application. We have reviewed it and have good news for you. We’d like to hire you, plus pay for your to get trained on the job.
If you are still searching for employment, we encourage you to go to our site and fill out some additional information. You’ll find the link below: APPLY TODAY
Regards, Career Services Dept.
If you’re no longer interested, please feel free to Go Here at anytime. Also, If you are not the person who applied, please disregard this email.
Clicking the first link in the mail takes the end-user to an iLivid install:
From this install, we have an ASK Toolbar, iLivid itself and the Torch Browser (along with links to Youtube and Facebook on the desktop):
I tried clicking the email links while showing myself as being in a number of geographical locations, and all but one took me to an iLivid install. Here’s the one that didn’t:
No matter what I tried, there was nothing to be seen in terms of this mysterious job application I supposedly sent out. On the bright side, I might win an iPad. So there’s that.
The promise of free gifts aside, stick to reputable job search websites and places where you can cross reference and fact check that what you’re seeing is the real deal – jobs advertised on Linkedin are ideal for that sort of thing. Resist the temptation to respond to messages such as the above, and always be cautious of clicking on links.
You never quite know what you’ll end up with (but it probably won’t be a job).
Christopher Boyd
