Monster hack! 1.6 million records stolen from Monster.com

August 20, 2007

monster Only 3 days after users were threatened by a Trojan-laden ad, an outbreak of a multi-stage phishing attack, initiated by a Trojan horse, has been unleashed on Monster.com.

The Trojan horse, Infostealer.Monstres initially got into Monster.com by using legitimate log-ins, probably stolen from personnel who have access to the “Monster for employers” areas of the site. Once on Monster’s servers, the Trojan horse ran amok collecting personal user data. The personal information downloaded from Monster.com includes names, e-mail addresses, home address, phone numbers and resume identification numbers.

With this stolen information, scammers can then make a credible phishing email. Not only can the phishing email provide them with critical user information, but it also also comes with 2 other pieces of malware. One is a common information-stealing Trojan horse, Banker.c, that monitors the infected PC for log-ons to online banking accounts and then transmits the data back to the hackers.

The second is a bit more nefarious. An article at ComputerWorld explains:

Infostealer.Monstres’ second-stage attack, which uses Gpcoder, is especially insidious. Realistic-looking e-mails that contain convincing personal information — the very information stolen from Monster.com — instruct the recipient to download a program called “Monster Job Seeker Tool.” There is no tool, of course; victims download the ransomware Gpcoder.e instead.

These phishing scams are targeted toward uninformed users. Keeping your security software updated, and being on the alert for phishing emails will keep you from having your identity stolen in scams like these.

Be Sociable, Share!

Leave a Reply:


Recent stories

Featured stories

RSS Windows news

RSS Mac news

RSS iPad news

RSS iPhone & Touch

RSS Mobile technology news

RSS Tablet computer news

RSS Buying guides

RSS PS3/Wii/Xbox 360

RSS Green technology

RSS Photography

Featured Content

Archives

Copyright © 2014 Blorge.com NS