Research and threat analysis organisation Barracuda Labs’ spam monitoring has detected a targeted, blended attack against HR professionals.

The attack is contained within spam messages that are sent in the form of a CV from a job applicant.

Dave Michmerhuizen, security researcher at Barracuda Networks, says: “Opening the ‘resume’ or ‘CV’ brings up a cunningly crafted word document.

“There is no text in this document at all. The only content is an embedded spyware executable with a caption. The caption tries to convince you that Microsoft Word has crashed. It explicitly instructs you to double-click on the icon to reload and restart MS Word.

“If you do double-click anywhere on this icon or its caption you are actually extracting the spyware from the document and running it. You do get a security warning, but since the ‘error message’ warned you that you would be restarting Word it might be easy to overlook that.

“Click ‘Run’ and you’ve just installed Trojan.SpyEye on your computer. This nasty program hides in the background and monitors your internet traffic looking for usernames and passwords. Every few minutes it sends what it has to a command and control server, in this case a computer hosted in Israel.”