[ insider_reports_insider ]
Monster.com Recruiter Accounts Compromised
David Utter
Staff Writer
2007-08-22
 Insider Reports RSS Feed
Job hunters on Monster who have posted resumes may have had their personal details exposed through phished recruiter accounts, which would permit criminals to browse hundreds of thousands of profiles.
 | | Monster.com Recruiter Accounts Compromised |  |
The 'Monster for employers only' subdomains hiring.monster.com and recruiter.monster.com require logins to access job seeker information. A Trojan that pulled over 1.6 million records on hundreds of thousands of people to a remote server hit those subdomains.
Symantec researcher Amado Hidalgo said the Infostealer.Monstres Trojan committing these thefts did so with stolen login credentials:
The Trojan sends HTTP commands to the Monster.com Web site to navigate to the Managed Folders section. It then parses the output from a pop-up window containing the profiles of the candidates that match this recruiter's saved searches.
The personal details of those candidates, such as name, surname, email address, country, home address, work/mobile/home phone numbers and resume ID, are then uploaded to a remote server under the control of the attackers.
A second Trojan had reportedly been sent out in waves of spam to capture this login information. Trojan.Gpcoder.E will encrypt files in the affected computer and leaves a text file requesting money to be paid to the attackers in order to decrypt the files, Hidalgo wrote.
Job seekers should keep the most valuable personal data, like Social Security numbers and driver's license numbers, off of Monster and other job sites. Only after establishing the legitimacy of an employer should someone consider providing those details.
Monster has been notified of the compromised accounts.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
