Monster.com hit with huge Trojan virus
August 24, 2007
Symantec's Security Response Team warns that Monster.com suffered a major data breach last week, with a Trojan horse stealing over 1.6 million personal records from the job search site's huge database. Dubbed InfoStealer.Monster, Symantec's blog reports the Trojan virus can steal very sensitive information from Monster.com simply by using employer accounts that have presumably been compromised by a previous attacker.
Symantec security analyst Amado Hidalgo said "such a large database of highly personal data is a spammer's once-in-a-lifetime dream."
Using the stolen account, the Trojan logs into the Monster.com job recruiter Web site and searches for all available resumes, potentially lifting the name, email address, home address, phone numbers AND social insurance numbers(!) of its victims.
The Trojan virus then attempts to post the stolen information on a remote server controlled by the attacker.
Symantec says the virus sends HTTP commands to the Monster.com Website to navigate to the Managed Folders section. It then parses the output from a pop-up window containing the profiles of the candidates that match this recruiter's saved searches.
Symantec further reports that the attackers have stolen over 1.6 million entries on the site, with sensitive personal data belonging to several hundred thousand individuals, mostly based in the U.S.
The master file used by the Trojan is ntos.exe, an executable also commonly used by Trojan.Gpcoder.E, a similar piece of malware.
The Trojans share the Monster.com logo for the executable icon - leading Symantec to speculate the same group is behind both.
Adding to this real mess, Trojan.Gpcoder.E has reportedly been sent in Monster.com phishing emails. The e-mails use the personal information to fool users into downloading a Monster Job Seeker Tool, which is, in reality, Trojan.Gpcoder.E.
This destructive executable encrypts files in the affected computer, and then leaves a text file demanding the victim pay the attackers in order to recover the data.
Unfortunately, even a massive data security breach such as this one has become commonplace in recent years. Security watchdog group PRC (Privacy Rights Clearinghouse) lists no fewer than eighteen data breaches in the U.S. in August alone, not even counting the Monster.com data breach last weekend.
According to the organization, 159 million records containing sensitive personal information have been either stolen or severely compromised in the U.S. by security breaches committed in the past two years.
Symantec also warned Monster.com of the compromised recruiter accounts so they can be disabled. Meanwhile, it advises users not to publish personal information on the site, particularly Social Security numbers.
In the meantime, users should use only a separate disposable email address and avoid giving sensitive details until the prospective employer has been established as fully legitimate.
Symantec also recommends that users observe basic security practices, such as keeping their computers up to date, configuring their e-mail to block attachments commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files, and of course, never, NEVER executing software that doesn't come at their request or that hasn't first been scanned for viruses.
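The attachment-blocking advice above, sketched as an added example (not code from Symantec or the original article): a Python check that flags mail parts whose final extension is on the blocked list, including double extensions, trailing dots and forwarded messages. The sample message, addresses and file names are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the article's advice.
BLOCKED = {".vbs", ".bat", ".exe", ".pif", ".scr"}

def final_extension(filename: str) -> str:
    """Lower-cased last extension, ignoring trailing dots/spaces that Windows drops."""
    cleaned = filename.strip().rstrip(". ").lower()
    return "." + cleaned.rsplit(".", 1)[1] if "." in cleaned else ""

def blocked_attachments(raw: bytes) -> list:
    """Return the file names of all parts whose final extension is blocked."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into forwarded message/rfc822 parts
        name = part.get_filename()
        if name and final_extension(name) in BLOCKED:
            hits.append(name)
    return hits

def build_sample() -> bytes:
    """Constructed test message; addresses, names and payloads are invented."""
    outer = EmailMessage()
    outer["From"] = "recruiter@example.test"
    outer["To"] = "seeker@example.test"
    outer["Subject"] = "Monster Job Seeker Tool"
    outer.set_content("Please install the attached tool.")
    outer.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename="JobSeekerTool.pdf.exe")
    outer.add_attachment("plain text", filename="cover_letter.txt")
    outer.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename="update.bat.")
    inner = EmailMessage()  # forwarded mail carrying its own attachment
    inner["Subject"] = "Fwd: screensaver"
    inner.set_content("See attached.")
    inner.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename="Setup.SCR")
    outer.add_attachment(inner)
    return outer.as_bytes()

if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("blocked:", name)
```

A file-name check like this is only a first filter; it does not inspect content, so a renamed executable would still need to be caught by scanning.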
Source: The Register