Software // Information Management
03:50 PM

Phony Job Ad Nets More Stolen Identities

The data apparently is being stolen and stockpiled by one hacker group using the latest variance of the Prg Trojan.

Last week, a security company reported that it found about 100,000 stolen identities hidden away in a dozen caches spread across the globe. Now it seems that number may be a fraction of the amount that hackers have stolen and socked away.

Researchers at Symantec have found another major database of information. This one contains 1.6 million pieces of facts such as names, addresses, mobile phone numbers, and name of employers. The number correlates to data pieces, not 1.6 million victims, said Dave Cole, director of Symantec's Security Response team.

It's still unclear how many stolen identities -- how many victims of identity theft -- the information in that cache represents, added Cole.

"This is a spammer's dream," Cole said in an interview with InformationWeek. "You've all this fresh data. ... We see stolen data all the time. In terms of shock value, this is a lot of data, for sure. Is it the most complete data we've ever seen? No, I don't think so."

This new cache of stolen data seems to be connected to the 12 caches that security researchers at SecureWorks reported finding last week. The data is apparently being stolen and stockpiled by one hacker group using the latest variance of the Prg Trojan, which also is known as Ntos, Tcp Trojan, Zeus, Infostealer.Monstres, and Banker.aam.

The largest cache that SecureWorks found contained the stolen identities of 46,000 people.

The stolen data, which includes bank and credit card account information, Social Security numbers, online payment account user names, and passwords, comes from victims who were all individually infected with the Trojan beginning in early May.

Don Jackson, a researcher with security company SecureWorks, said in an interview that the latest variant of the Prg Trojan has been running on fraudulent ads on at least two online job sites. One, he said, is Representatives from Monster did not return a request for an interview.

Symantec's Cole, who said Monster has been working with his company on the case, added that legitimate Web sites are often conned into running phony and malicious ads. "These types of attacks can happen to pretty much any kind of site," he said. "Complex and robust Web sites are pulling information from different areas. Presenting a safe and secure commercial site ... is a lot harder than it used to be."

A spokeswoman for SecureWorks pointed out that the hackers seem to be using different attack vectors -- both malicious ads and e-mails that are being sent to Monster users.

Cole also said he's not seeing nearly as much activity going on now for the Prg Trojan and thinks the hackers have gone underground to ride out some of the media and security attention they're getting right now.

"It may pop back up when the coast is clear," he added. "It's reasonable to say it's a lot of the same people using different tactics. They'll probably go quiet for a while and then pop back up on another site."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of July 17, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.