The correct CV(or malware)

Today we have observed some messages which at first glance appeared to be somebody trying to correct their mistakes on the CV they sent out.

All messages had the same body text that read as follows:

Thank you for the chat yesterday, it really helped me get a clearer idea
of recruitment as well as exploring any potential opportunity.

I have just spotted a mistake on the CV I sent in which my email was incorrect.

Apologies for any inconvenience caused if you have already sent me any information on anything we discussed.

My CV is an updated!
CV with the correct email on this link: http://<censored>/mycv.doc.exe

The link was broken.

It was obvious that somebody was trying to trick people into downloading executable files disguised as CV documents but had made some mistakes in the course of doing so.

Then at a later time during the day, this was observed in quantity:

Thank you for the chat yesterday, it really helped me get a clearer idea
of recruitment as well as exploring any potential opportunity.

I have just spotted a mistake on the CV I sent in which my email was incorrect.

Apologies for any inconvenience caused if you have already sent me any information on anything we discussed.

My CV is an updated!
CV with the correct email on this link: http://<censored>/mycv.docx

It is exactly the same text body except the last line.

The link is now live, and the linked file is detected by Sophos as Mal/Zbot-U.

cloudprotection.pandasecurity.com XSS

searchsecuritychannel.techtarget.com XSS

securitycenter.verisign.com XSS