Identity attack spreads; 1.6M records stolen from Monster.com
Convincing phishing mail seeds bank account-stealing Trojan horse and 'ransomware'
Computerworld - The 46,000 people reportedly infected by ads on job sites may be only a fraction of the victims of an ambitious, multistage attack that has stolen data belonging to several hundred thousand people who posted resumes on Monster.com, a researcher said this weekend.
According to Symantec Corp. security analyst Amado Hidalgo, a new Trojan horse called Infostealer.Monstres by Symantec has stolen more than 1.6 million records belonging to several hundred thousand people from Monster Worldwide Inc.'s job search service. That data is then used to target the Monster.com users with credible phishing mail that plants more malware on their machines.
"We are investigating the reports related to this Trojan and will take any necessary steps indicated by that investigation," Monster.com spokesman Steve Sylven said Sunday in an e-mail.
The personal information filched from Monster.com includes names, e-mail addresses, home address, phone numbers and resume identification numbers, said Hidalgo, who traced the data to a remote server used by the attackers to store the stolen information. Infostealer.Monstres ripped off Monster.com by using legitimate log-ins, likely stolen from recruiters and human resource personnel who have access to the "Monster for employers" areas of the site. Once inside, the Trojan horse ran automated searches for resumes of candidates located in certain countries or working in certain fields. The results were then uploaded to the attackers' remote server.
"Such a large database of highly personal information is a spammer's dream," said Hidalgo. In fact, that's exactly what the attackers are using their newly-acquired data for.
"The attackers first gather e-mail address and other personal information from resumes posted to Monster.com with Infostealer.Monstres," Hidalgo said. "Next, they will try to infect the computers of those candidates by sending targeted Monster.com phishing mails which install [Banker.c or Gpcoder.e]."
The first piece of malware, dubbed Banker.c by Symantec, is a run-of-the-mill information-stealing Trojan horse that monitors the infected PC for log-ons to online banking accounts. When it sniffs a log-on in process, Banker.c records the username and password, then transmits the data back to hacker HQ. Gpcoder.e, on the other hand, is "ransomware," the name given to Trojan horses that encrypt files on the hacked computer, then hold those files hostage until the user pays a fee to unlock the data.
Although both Banker.c and Gpcoder.e may be distributed in other ways -- SecureWorks Inc. last week said it had spotted something like the former coming from infected ads placed on job search sites -- Infostealer.Monstres' built-in mailing code and template lets it send messages posing as missives from Monster.com straight to the job-site users it finds in its automated searches.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts