Unknowingly Recruited Bots For Crime Work - InformationWeek

The incident marks the second significant attack on in recent months.

Without the company's permission, was briefly recruiting new bots this week to work on behalf of cyber criminals.

The company confirmed Wednesday that malicious software was inserted on the site's Monster Company Boulevard pages, which allow job seekers to research companies, in order to surreptitiously turn visitors' PCs into zombies for spam and malware delivery.

"It seems that suffered some sort of iframe injection attack [on Monday]," said Roger Thompson, CTO of Exploit Prevention Labs, in a blog post, noting that the employment ads for a number of major brands were affected, including Eddie Bauer, GMAC Mortgage, BestBuy, Toyota Financial, and Tricounties Bank.

The attack relied on a technique known as iframe injection. "Iframe tags are a kind of HTML tag," explains the site. "An iframe creates a small 'window' on a Web page so that another Web page can load within the embedded window. Iframes are not always used for nefarious purposes; one frequent use, for example, is to embed a video into a blog post. When used by malicious hackers, an iframe can be made so small that it is invisible, and the visitor to the infected web page never knows that another page is also loading in the tiny iframe window."

Spokesperson Kathryn Burns confirmed the compromise and said that the company promptly removed and cleaned the affected Web pages.
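As an added illustration (not part of the original article or of any vendor's tooling), here is a static check a site operator could run over their own pages for the kind of invisible iframe described above. The 2-pixel threshold, the rule that only off-site frames are reported, and the sample markup and hostnames are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

MAX_VISIBLE_PX = 2  # assumed threshold: a frame this small is effectively invisible

def _px(value):  # leading integer of a width/height attribute, or None
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None

class IframeAuditor(HTMLParser):
    """Collects iframes that are hidden or tiny AND load from another host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []
        self.page_host = urlparse(page_url).hostname

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").lower().replace(" ", "")
        reasons = []
        for dim in ("width", "height"):
            size = _px(a.get(dim))
            m = re.search(r"(?<![-\w])%s:(\d+)" % dim, style)  # skips max-width etc.
            if size is None and m:
                size = int(m.group(1))
            if size is not None and size <= MAX_VISIBLE_PX:
                reasons.append(f"{dim}={size}")
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden-by-css")
        src = urljoin(self.page_url, a.get("src", ""))  # resolves relative and // URLs
        host = urlparse(src).hostname
        if reasons and host and host != self.page_host:  # same-site frames are ignored
            self.findings.append({"src": src, "line": self.getpos()[0], "reasons": reasons})

def audit(html, page_url):
    auditor = IframeAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page; hostnames use reserved example domains.
SAMPLE_URL = "https://jobs.example.com/company/acme"
SAMPLE = """<html><body><h1>Company profile</h1>
<iframe src="https://video.example.org/embed/42" width="560" height="315"></iframe>
<iframe src="http://unknown-host.example.net/x" width="1" height="1" frameborder="0"></iframe>
<iframe src="/help/widget.html" style="display: none"></iframe>
<iframe src="//cdn.example.net/p" style="visibility:hidden; width:300px"></iframe></body></html>"""
```

A static parse like this only sees iframes present in the served markup; frames written into the page by script at load time need a check against the rendered DOM.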

"The malware was designed to make computers running it part of a spamming network," Burns said in an e-mail. "The virus is detectable by most major anti-virus software, and this issue should not affect users running Windows with the most recent security updates from Microsoft. In addition, we believe only an extremely small percentage of those using the site this week were potentially exposed prior to those pages being cleaned. Because we believe this malware originated with an online crime group that targets leading web properties, we are providing as much information as possible about this situation to the appropriate law enforcement officials."

This marks the second significant attack on in recent months. In August, Symantec reported a new Trojan, called Infostealer.Monstres, which tries to capture personal information from job seeker profiles using credentials that appear to have been stolen from legitimate recruiters. The stolen information is subsequently used to tailor phishing e-mails which, if opened and unwittingly triggered, can encrypt files on a victim's PC. Cyber criminals can then demand payment to restore the locked files.

Burns stressed that remains committed to the integrity of its products and services and to the protection of its online visitors.
