Attackers have made off with the personal data of several hundred thousand people from the job site Monster.com, and the phishing mails have already appeared.
If you’ve got your resume posted at Monster.com and it contains a lot of personal details, you might want to worry right now.
The job site was attacked and the personal details of hundreds of thousands of users were stolen, according to security firm Symantec.
How was it done? The hackers used stolen log-in credentials to access the employers’ section of the site, then harvested names, addresses, phone numbers, e-mail addresses and other information, all of which was uploaded to a remote server. They used a new Trojan called Infostealer.Monstres and stole more than 1.6 million records belonging to several hundred thousand people. The Trojan reportedly ran automated searches for resumes of candidates located in certain countries or working in certain fields.
That data is then used to send spam or phishing e-mails, and some have already been seen, containing plenty of personal information about the recipient.
“The attackers first gather e-mail address and other personal information from resumes posted to Monster.com with Infostealer.Monstres,” said Symantec security analyst Amado Hidalgo. “Next, they will try to infect the computers of those candidates by sending targeted Monster.com phishing mails which install [Banker.c or Gpcoder.e].”
Banker.c is a Trojan that monitors the infected PC for log-ons to online banking accounts. It then records the username and password and transmits the data back to hacker HQ. Gpcoder.e, though, is what’s known as ransomware, a Trojan that encrypts files on the hacked computer, then holds those files hostage until the user pays a fee to unlock the data.
The nasty part is how Gpcoder.e ends up on your computer. An e-mail, purportedly from Monster, asks you to download the Monster Job Seeker Tool. Such an item doesn’t exist – but you’ve just loaded Gpcoder.e on your machine.
cHINOOKMAN on Aug 22nd, 2007 at 5:30 AM:
Well that provides a warm fuzzy about trusting on-line services such as off-site back up for one's home/business computer data.
Yippee......it would not be so frustrating but I've yet to see a stellar performance or much of any about these scums ever getting prosecuted.
It seems they get rewarded by working for the security companies instead. Yeah that's it reward me for breaking the law. Good thing I had nothing to lose on Monster other than my resume and never did trust them with personal vital info.