A scam that targets businesses posting help-wanted ads online has already fleeced one company of $150,000, according to an advisory from the FBI that warns other businesses to be wary.

The emails, which are sent in response to ads placed on employment websites, contain attachments that when opened infect the user's PC with malware. Once the machine is compromised, the hackers use it to access the victim's online bank account. The scam recently took one unnamed business for $150,000, according to the FBI's Internet Crime Complaint Center.

“The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine and two to domestic accounts,” Wednesday's advisory stated. “The malware was identified as a Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan, which is commonly used by cyber criminals to defraud US businesses.”

The campaign has been around since at least July, SonicWall said here. ®

Related stories

• ZeuS blackhats target online payment providers (21 January 2011)

  https://www.theregister.com/2011/01/21/zeus_payment_provider_diversification/

• Bot attacks Linux and Mac but can't lock down its booty (19 January 2011)

  https://www.theregister.com/2011/01/19/mac_linux_bot_vulnerabilities/

• Lame Stuxnet worm 'full of errors', says security consultant (19 January 2011)

  https://www.theregister.com/2011/01/19/stuxnet_male_decry_security_researchers/

• Russian ransomware SMS smut-scam raised $30k (13 January 2011)

  https://www.theregister.com/2011/01/13/sms_ransomware/

• Bogus Kama Sutra presentation opens your backdoor to hackers (12 January 2011)

  https://www.theregister.com/2011/01/12/powerpoint_backdoor_trojan_wheeze/