Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet today and order your Proxy Sentinel™ or Firewall Sentinel™ server now! hit with huge Trojan virus


Add to     Digg this story Digg this

August 24, 2007

Symantec's Security Response Team warns that has suffered a major data breach last week, with a Trojan horse stealing over 1.6 million personal records from the job search site's huge database. Dubbed InfoStealer.Monster, Symantec's blog reports the Trojan virus can steal very sensitive information from, by simply using employer accounts which have presumably been compromised by a previous attacker.

Symantec security analyst Amado Hidalgo said "such a large database of highly personal data is a spammer's once-in-a-lifetime dream."

Using the stolen account, the Trojan logs into the job recruiter Web site and searches for all available resumes, potentially lifting the name, email address, home address, phone numbers AND social insurance numbers(!) of its victims.

The Trojan virus then attempts to post the stolen information on a remote server controlled by the attacker.

Symantec says the virus sends HTTP commands to the Website to navigate to the Managed Folders section. It then parses the output from a pop-up window containing the profiles of the candidates that match this recruiter's saved searches.

Symantec further reports that the attackers have stolen over 1.6 million entries on the site, with sensitive personal data belonging to several hundred thousand individuals, mostly based in the U.S.

The master file used by the Trojan is ntos.exe, an executable also commonly used by Trojan.Gpcoder.E, a similar piece of malware.

The Trojans share the logo for the executable icon - leading Symantec to speculate the same group is behind both.

Adding to this real mess, Trojan.Gpcoder.E has reportedly been sent in phishing emails. The e-mails use the personal information to fool users into downloading a Monster Job Seeker Tool, which is in reality, Trojan.Gpscoder.E.

This destructive executable encrypts files in the affected computer, and then leaves a text file demanding the victim pay the attackers in order to recover the data.

Unfortunately, even a massive data security breach such as this one has become commonplace in recent years. Security watchgroup PRC (Privacy Rights Clearinghouse) lists no less than eighteen data breaches in the U.S. in August alone, not even counting the data breach last weekend.

According to the organization, 159 million records containing sensitive personal information have been either stolen or severely compromised in the U.S. by security breaches committed in the past two years.

Symantec also warned of the compromised recruiter accounts so they can be disabled. Meanwhile, it advises users not to publish personal information on the site, particularly Social Security numbers.

In the mean time, users should only utilize a separate disposable email address and avoid giving sensitive details until the prospective employer has been established as fully legitimate.

Symantec also recommends users to observe basic security practices, such as keeping your computer up-to-date, configuring your e-mail to block attachments commonly used to spread viruses such as .vbs, .bat, .exe, .pif and .scr files, and of course, never NEVER execute software that doesn't come at your request or that hasn't been initially scanned for viruses.

Add to     Digg this story Digg this

Source: The Register


Save Internet's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet    Terms of use    Privacy agreement    Legal disclaimer