Only 3 days after users were threatened by a Trojan-laden ad, an outbreak of a multi-stage phishing attack, initiated by a Trojan horse, has been unleashed on Monster.com.
The Trojan horse, Infostealer.Monstres initially got into Monster.com by using legitimate log-ins, probably stolen from personnel who have access to the “Monster for employers” areas of the site. Once on Monster’s servers, the Trojan horse ran amok collecting personal user data. The personal information downloaded from Monster.com includes names, e-mail addresses, home address, phone numbers and resume identification numbers.
With this stolen information, scammers can then make a credible phishing email. Not only can the phishing email provide them with critical user information, but it also also comes with 2 other pieces of malware. One is a common information-stealing Trojan horse, Banker.c, that monitors the infected PC for log-ons to online banking accounts and then transmits the data back to the hackers.
The second is a bit more nefarious. An article at ComputerWorld explains:
Infostealer.Monstres’ second-stage attack, which uses Gpcoder, is especially insidious. Realistic-looking e-mails that contain convincing personal information — the very information stolen from Monster.com — instruct the recipient to download a program called “Monster Job Seeker Tool.” There is no tool, of course; victims download the ransomware Gpcoder.e instead.
These phishing scams are targeted toward uninformed users. Keeping your security software updated, and being on the alert for phishing emails will keep you from having your identity stolen in scams like these.