Fake job listings allowing malware piggy-backing

1 min read

Several major firms have been hit by malware piggy-backing its way on to company servers via fake job listings on Internet ads and emails, according to the Reuters newswire.

It cites the US Department of Transportation, Hewlett-Packard, Hughes Network Systems and Unisys as being amongst US companies hit. Geoff Sweeney, CTO of behavioural analysis IT security firm Tier-3, says that the fake job ads and emails acted as a conduit for the latest forms of malware, which can hit a company’s IT systems if their IT security is not wide-ranging enough and kept up to date. “IT managers need to review their IT security needs regularly and ensure that the software is updated constantly, by monitoring the dashboard or console of the packages concerned,” he warns. “Ideally, a single dashboard, which controls multiple IT security applications – even from different vendors – should be installed. This tells the IT manager at a glance the status of their security software.” he adds. According to Sweeney, manufacturers should also consider installing ‘behavioural analysis’ IT security software to act as a safety net if some of the latest malware does make it onto their company systems. “Even if the malware does take hold after the employee reads or clicks on what appears to be an interesting job offer, good behavioural software will lock down any unusual memory activity associated with the malware, before it does any harm,” he says.