[Warning] Malicious e-mail masqueraded as a resume written in Korean

1. Introduction

Recently, malicious e-mail is masqueraded as a resume written in Korean was found. 
Since this e-mail already contains executable malicious file in itself, executing that attachment will infect user's PC.
Therefore, user needs to be careful while downloading or executing attachments.

2. Spreading path and symptoms of infection

This e-mail looks like containing normal but is actually masqueraded as an ordinary one including resume file and personal profile and induces user to download and decompress.

"Resume.chm(101,511 bytes)" locates inside of "Resume.rar(98,006 bytes)".
Upon running "Resume.chm", malicious "svchost.exe" will also be run at the same time.

* What is CHM File?

Microsoft Compiled HTML Help is a Microsoft proprietary online help format. It was introduced as the successor to Microsoft WinHelp with the release of Windows 98, and is still supported in Windows 7.
Help is delivered as a binary file with the .chm. It contains a set of HTML files, a hyperlinked table of contents, and an index file.

To decompress .chm file, you can see these files as following:

When executing "Resume.chm", you can find resume and personal information such as following figure.

On executing chm file, THE malicious "svchost.exe" including Active Content will be executed according to "launch.htm".

When "svchost.exe" is executed, it will overwrite itself and each path of executing normal processes will be backed up without its extensions.
After the process, since infected malicious file will be associated with normal file, if an infected user tries to execute malicious file, actually overwritten of normal file, it will work as a normal file but behave malicious functions.

This following figure briefs infected method and symptoms.

* Infected symptoms of malicious "Svchost.exe"

Upon execution, it will generate another malicious file in this following path.

[Information of generated file]
C:\Windows\Downloaded Program Files\svchost.exe (307,200 bytes)

3. How to prevent

To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function and runs responding system against various security threats.


  1. I am sure that here you can find useful advices about writing math homework. It helped me a lot when I was in college.

  2. Need to submit your law assignment urgently? Come at StudentsAssignmentHelp.com and take our Law Assignment Help services at a cheap price. We have a team of highly qualified and certified experts in the field that make sure all your work is submitted well.

  3. Hi there, You've done an incredible job. I will definitely digg it and in my view suggest to my friends.I am sure they will be benefited from this web site.

  4. shareit apk
    shareit for android
    shareit for pc
    shareit for ios
    shareit pc
    We have a team of highly qualified and certified experts in the field that make sure all your work is submitted well.


  5. We do not trust educated people and rarely,
    paper writing services alas, produce them, for we do not trust the independence of mind which alone makes a genuine education possible.

  6. Quickbooks is one of the most popular accounting software tool out there, it solves all your accounting needs, stores data, registry and much more. If you face any problem relating to your Quickbooks check QB errors

  7. While at home, you do not have to spend a lot of time studying, you can always greatly simplify your task by ordering various written works on the website https://bestessaytyper.com/do-my-assignment

  8. گرین وال ( Green Wall ) ، دیواری است که بخشی از آن یا تمام آن دارای پوشش گیاهی است. در سال های اخیر از این متد برای زیباسازی محیط در مکان مختلفی از جمله رستوران ها، ادارات و حتی داخل یا حیاط منازل استفاده می شود. برای اطلاعات بیشتر و آشنایی با گرین وال یا دیوار سبز به سایت ایوان سبز مراجعه نمایید.

  9. پارچ تصفیه آب هیتما با ظرفیت 2500 میلی لیترو مجهز به فیلتر تصفیه آب است. طراحی زیبا ، ظرافت بالا و کیفیت بسیار عالی این دستگاه باعث شده که این دستگاه را از نمونه‌های شبیه آن در بازار متمایز می نماید، همچنین شما میتوانید زمان شروع استفاده از دستگاه و تعداد خانوار را انتخاب کند و پس از انتخاب تاریخ اتمام فیلتر دستگاه را برروی آن مشاهده کند. برای خرید این محصول میتوانید به وب سایت هیتما مراجعه کنید.