Software // Information Management
News
11/21/2007
01:43 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Monster.com Unknowingly Recruited Bots For Crime Work

The incident marks the second significant attack on Monster.com in recent months.

Without the company's permission, Monster.com was briefly recruiting new bots this week to work on behalf of cyber criminals.

The company confirmed Wednesday that malicious software was inserted on the site's Monster Company Boulevard pages, which allow job seekers to research companies, in order to surreptitiously turn visitors' PCs into zombies for spam and malware delivery.

"It seems that company.monster.com suffered some sort of iframe injection attack [on Monday]," said Roger Thompson, CTO of Exploit Prevention Labs in a blog post, noting that the employment ads for a number of major brands were affected, including Eddie Bauer, GMAC Mortgage, BestBuy, Toyota Financial, and Tricounties Bank.

The attack relied on a technique known as iframe injection. "Iframe tags are a kind of HTML tag," explains the StopBadware.org site. "An iframe creates a small 'window' on a Web page so that another Web page can load within the embedded window. Iframes are not always used for nefarious purposes; one frequent use, for example, is to embed a video into a blog post. When used by malicious hackers, an iframe can be made so small that it is invisible, and the visitor to the infected web page never knows that another page is also loading in the tiny iframe window."

Monster.com spokesperson Kathryn Burns confirmed the compromise and said that the company promptly removed and cleaned the affected Web pages.

"The malware was designed to make computers running it part of a spamming network," Burns said in an e-mail. "The virus is detectable by most major anti-virus software, and this issue should not affect users running Windows with the most recent security updates from Microsoft. In addition, we believe only an extremely small percentage of those using the site this week were potentially exposed prior to those pages being cleaned. Because we believe this malware originated with an online crime group that targets leading web properties, we are providing as much information as possible about this situation to the appropriate law enforcement officials."

This marks the second significant attack on Monster.com in recent months. In August, Symantec reported a new Trojan, called Infostealer.Monstres, which tries to capture personal information from Monster.com job seeker profiles using credentials that appear to have been stolen from legitimate recruiters. The stolen information is subsequently used to tailor phishing e-mails which, if opened and unwittingly triggered, can encrypt files on a victim's PC. Cyber criminals can then demand payment to restore the locked files.

Burns stressed that Monster.com remains committed to the integrity of its products and services and to the protection of its online visitors.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.