Displaying the subject line, "Resume," the malicious spam mails carry brief messages such as "Please find attached my CV" or "Attached, please find."

The fake, destructive attachment may appear differently named. Reports AppRiver, a messaging security provider, there is one electronic mail of the kind, which contains a file labeled CV.html. In another instance, MX Lab, an e-mail security vender caught an e-mail disseminating Resume.html. All these HTML files represent plain redirectors; however, they're obfuscated with a JavaScript so they can evade common spam filters.

Thus, if the e-mail recipient views any of the HTML files, the included JavaScript becomes active that in turn diverts him onto a genuine website, although malevolent.

This malevolent site shows a message -"PLEASE WAITING 4 SECOND." And while those 4 seconds run, an iFrame secretly pulls down malware from still one more website with which further malicious software is downloaded and run on the victim's machine.

The objective, all the while, is to trigger a typically bogus anti-virus scan, which sets fake alerts that there is malware on the user's PC so he must download a certain executable file. But that .exe file in reality is a scareware installer that pretends to be an authentic anti-virus. Moreover, it blasts the victim's PC with bogus security warnings related to malware until he willingly spends on security software's license that is actually worthless.

Sadly, people who get victimized with such scams don't just lose their precious funds, but have personal payments cards compromised as well.

Reportedly, from the total 42 anti-virus applications that VirusTotal considers, merely 19 identified the scareware, which the current attackers used, as malicious.

Remarking about this attack, specialists state that it's the first one witnessed during the recent period i.e. the technique utilized together with scareware campaigns, indicating that it's being picked up in other spam runs too.