According to digital security firm Symantec, as many as 1.6 million records belonging to several hundred thousand people from Monster.com Worldwide"s job search service may have been stolen by the trojan horse Infostealer.Monstres in a multistage attack targeted at stealing personal data from job search sites. Monster.com spokesman Steve Sylven said Sunday in an e-mail that "We are investigating the reports related to this Trojan and will take any necessary steps indicated by that investigation." According to Symantec security analyst Amado Hidalgo, the attackers inserted the trojan using legitimate log-ins, likely stolen from recruiters and human resource personnel who have access to the "Monster for employers" areas of the site, snatching personal data including names, e-mail addresses, home address, phone numbers and resume identification numbers.
"Such a large database of highly personal information is a spammer"s dream," said Hidalgo. According to the researcher, "the attackers first gather e-mail address and other personal information from resumes posted to Monster.com with Infostealer.Monstres. Next, they will try to infect the computers of those candidates by sending targeted Monster.com phishing mails which install [Banker.c or Gpcoder.e]." Banker.c is a standard info-stealing trojan which monitors for secure connections to online banking accounts; the trojan then sniffs out the victim"s username and password and transfers it back to the hackers. Gpcoder.e is slightly more insidious, being "ransomware," or a trojan which encrypts files and forces the user to pay a fee to regain access to the data.