Monster.com hit with another malware attack

Share this article:

For the second time in four months, Monster.com's website has been victimized by hackers. The latest attack, believed caused by an IFRAME injection vulnerability, forced the jobs website to take part of its web presence offline Monday.

The outage impacted much of the Monster Company Boulevard, where job hunters search for positions by company. Businesses involved in the attack include Eddie Bauer, GMAC Mortgage, Best Buy, Toyota Financial Services, and Tri Counties Bank, said Roger Thompson, chief technology officer at Exploit Prevention Labs, one of the early detectors of the attack.

Monster was hit by an IFRAME that linked out to a site that was throwing exploits at users, Thompson told SCMagazineUS.com. The attack, which likely took advantage of a cross-site scripting vulnerability, likely was created using Neosploit, a hacking toolkit similar to Mpack.

"It's not clear exactly what exploits these are yet, because they infect the user's PC wrapped inside a new form of encryption that we haven't been able to see inside yet," Thompson said.

Windows users whose PCs are patched as of April 2007 are safe from the exploit, he said.

"[It] probably caught corporate users more than anyone," he added. "Corporate users tend not to patch as readily, while consumers tend to turn on auto patching."

It is unclear who perpetrated the attack, but the Russian Business Network – an internet service provider said to offer "bulletproof" web hosting, often allegedly to criminal groups – is a prime suspect.

Monster, in a statement, said it did not believe the malicious code attack affected many users.

"The malware was designed to make computers running it part of a spamming network," the statement said. "The virus is detectable by most major anti-virus software, and this issue should not affect users running Windows with the most recent security updates from Microsoft. In addition, we believe only an extremely small percentage of those using the site this week were potentially exposed prior to those pages being cleaned."

Monster also made news in August, when it said that hackers had penetrated its database and stolen personal information of job hunters. They then used that information to send targeted emails with fraudulent job postings, or attempted to deceive recipients into downloading malicious software.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.

PCI publishes guidance on security awareness programs

PCI publishes guidance on security awareness programs

The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.