Monster.com Unknowingly Recruited Bots For Crime Work
The incident marks the second significant attack on Monster.com in recent months.
Without the company's permission, Monster.com was briefly recruiting new bots this week to work on behalf of cyber criminals.
The company confirmed Wednesday that malicious software was inserted on the site's Monster Company Boulevard pages, which allow job seekers to research companies, in order to surreptitiously turn visitors' PCs into zombies for spam and malware delivery.
"It seems that company.monster.com suffered some sort of iframe injection attack [on Monday]," said Roger Thompson, CTO of Exploit Prevention Labs in a blog post, noting that the employment ads for a number of major brands were affected, including Eddie Bauer, GMAC Mortgage, BestBuy, Toyota Financial, and Tricounties Bank.
The attack relied on a technique known as iframe injection. "Iframe tags are a kind of HTML tag," explains the StopBadware.org site. "An iframe creates a small 'window' on a Web page so that another Web page can load within the embedded window. Iframes are not always used for nefarious purposes; one frequent use, for example, is to embed a video into a blog post. When used by malicious hackers, an iframe can be made so small that it is invisible, and the visitor to the infected web page never knows that another page is also loading in the tiny iframe window."
Monster.com spokesperson Kathryn Burns confirmed the compromise and said that the company promptly removed and cleaned the affected Web pages.
"The malware was designed to make computers running it part of a spamming network," Burns said in an e-mail. "The virus is detectable by most major anti-virus software, and this issue should not affect users running Windows with the most recent security updates from Microsoft. In addition, we believe only an extremely small percentage of those using the site this week were potentially exposed prior to those pages being cleaned. Because we believe this malware originated with an online crime group that targets leading web properties, we are providing as much information as possible about this situation to the appropriate law enforcement officials."
This marks the second significant attack on Monster.com in recent months. In August, Symantec reported a new Trojan, called Infostealer.Monstres, which tries to capture personal information from Monster.com job seeker profiles using credentials that appear to have been stolen from legitimate recruiters. The stolen information is subsequently used to tailor phishing e-mails which, if opened and unwittingly triggered, can encrypt files on a victim's PC. Cyber criminals can then demand payment to restore the locked files.
Burns stressed that Monster.com remains committed to the integrity of its products and services and to the protection of its online visitors.
The Agile ArchiveWhen it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
2014 Analytics, BI, and Information Management SurveyITís tried for years to simplify data analytics and business intelligence efforts. Have visual analysis tools and Hadoop and NoSQL databases helped? Respondents to our 2014 InformationWeek Analytics, Business Intelligence, and Information Management Survey have a mixed outlook.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.