Identity attack spreads

[Humpty]

The 46,000 people reportedly infected by ads on job sites may be only a fraction of the victims of an ambitious, multistage attack that has stolen data belonging to several hundred thousand people who posted resumes on Monster.com, a researcher said this weekend.

 

According to Symantec Corp. security analyst Amado Hidalgo, a new Trojan horse called Infostealer.Monstres by Symantec has stolen more than 1.6 million records belonging to several hundred thousand people from Monster Worldwide Inc.'s job search service. That data is then used to target the Monster.com users with credible phishing mail that plants more malware on their machines.

 

"We are investigating the reports related to this Trojan and will take any necessary steps indicated by that investigation," Monster.com spokesman Steve Sylven said Sunday in an e-mail.

 

Once inside, the Trojan horse ran automated searches for resumes of candidates located in certain countries or working in certain fields. The results were then uploaded to the attackers' remote server.

 

"Such a large database of highly personal information is a spammer's dream," said Hidalgo. In fact, that's exactly what the attackers are using their newly-acquired data for.

 

"The attackers first gather e-mail address and other personal information from resumes posted to Monster.com with Infostealer.Monstres," Hidalgo said. "Next, they will try to infect the computers of those candidates by sending targeted Monster.com phishing mails which install [banker.c or Gpcoder.e]."

Article