
Author Topic: Monster-dot-com database hacked  (Read 2498 times)

Offline JohnnyCastaway

  • Administrator
  • Senior Member
  • *****
  • Posts: 3379
  • BAD ROBOT!!
Monster-dot-com database hacked
« on: August 24, 2007, 08:01:42 PM »
If you have your resume posted on Monster.com, you should have a read through this article. It's a bit long, but it explains what happened there and some things that you should be watching out for.

Quote
The looting of Monster goes back weeks, and maybe months, so IF you had your resume out there, you need to use a double dose of suspicion when you get emails to the address you provided. Some unwary users of Monster have had their identity stolen and their bank accounts were suddenly emptied. Monster's database was looted, and personal data was taken to craft extremely convincing emails that then installed trojans and ransomware on PCs. It looks like 1.6 million records were stolen, so yours might be one of them. Our Malware Researchers have been going back and looking at everything again because of all the press lately and they have found some evidence that they were probably attacking the CareerBuilder site as well. So keep an eye out for that too.

Monster itself was not hacked. But smart attackers blended some noxious elements together: stolen information, personalized phishing email, combined with trojan malware and so-called 'money mules' (middlemen who transfer money from a phished bank account to a foreign, difficult-to-trace account). What happened is that "by gaining unauthorized access to employer accounts, the software was obtaining job seeker contact information," Monster said in a recent alert. The data-stealing Trojan was hard coded to look at U.S. residents only.


One of the key points in this article is that the trojan is hard coded to look for US addresses, and only about 5000 of the users affected live outside the USA. Still, some caution and common sense applies: never give out sensitive information on the Internet, and be suspicious of unsolicited emails and files.



http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9032518&pageNumber=1
Twenty years from now you will be more disappointed by the things you didn't do than by the ones you did do. So throw off the bowlines. Sail away from the safe harbor. Catch the trade winds in your sails. Explore. Dream. Discover.

Offline JohnnyCastaway

Re: Monster-dot-com database hacked
« Reply #1 on: August 24, 2007, 08:26:25 PM »
Here's a bit more info:

Quote
The company, which maintains the employment search site Monster.com,
warned users on Wednesday that it continues to investigate and "take
measures to address the impact" of Infostealer.Monstres. The malware was
first uncovered last week by Symantec. The program managed to access
sections of the site reserved for confirmed job recruiters so it could
assemble personal information on "several hundred thousand" job seekers.

According to a more recent posting by Symantec researcher Vikram Thakur,
criminals behind the Trojan may be using the information to send
personalized emails that try to trick recipients into turning over
online bank account credentials.

"The email looks very realistic and may convince many that it has been
sent from Monster.com or Careerbuilder.com," Thakur warned.

The message, which contains the job seeker's full name, offers a
position as a "transfer manager" at an investment firm. It offers a
competitive salary, a $500 signing bonus and the ability to work from
home.

However, there's a catch: The email also requires candidates to open a
Bank of America account and transmit the account details, ostensibly so
they can receive online payments. With that and additional information
that's requested, it would then be possible for fraudsters to use
Western Union to withdraw money against the account.

While there are tell-tale signs that the emails are fraudulent, the con
artists have several things on their side. That would be 1.6m entries
providing personal information on several hundred thousand people, all
of whom are actively seeking new jobs.

"The sheer number of people who could receive such targeted spam is
worrisome," Thakur wrote. "We urge readers to limit the information they
post on Web sites."
