It looks like there’s a new virus spreading around USF disguised as a resume which is working very well on our clients which I’ve so far seen coming from creativeness@rassil.com (we’re working with ADEx admins to setup a trap for incoming mail which should help alleviate some of the hit).   The ‘resume’ is attached as ‘resume.html’, which turns out to be a little blurb of JavaScript, which is running hex code.  The hex code when converted to ascii can be found to be pointing to (do not go here)

http://www.residentiebeveiligingstechniek.nl/x.html

which then runs

http://brocuphdislock.cz.cc/scanner10/?afid=24

and

http://fast-addon.in/news/index.php?map=rect&vid=4&bid=151&a=get&action=ecard&e=hidden

When a client becomes infected they will see what looks like a Windows XP explorer window containing what you would normally see if you opened ‘My Computer,’ except in this case there are little red flashing icons indicating malware on all drives.  We actually had one customer stifle it’s progress by pulling the plug on her machine before the virus could be fully installed.

This seems to be being caught by Malwarebytes’ AntiMalware successfully, so Safemode as an administrator and scan away!