Monster.com hit with another malware attack

For the second time in four months, Monster.com's website has been victimized by hackers. The latest attack, believed to have been caused by an IFRAME injection vulnerability, forced the jobs website to take part of its web presence offline Monday.

The outage impacted much of the Monster Company Boulevard, where job hunters search for positions by company. Businesses involved in the attack include Eddie Bauer, GMAC Mortgage, Best Buy, Toyota Financial Services, and Tri Counties Bank, said Roger Thompson, chief technology officer at Exploit Prevention Labs, one of the early detectors of the attack.

Monster was hit by an IFRAME that linked out to a site that was throwing exploits at users, Thompson told SCMagazineUS.com. The attack, which likely took advantage of a cross-site scripting vulnerability, was probably created using Neosploit, a hacking toolkit similar to Mpack.

"It's not clear exactly what exploits these are yet, because they infect the user's PC wrapped inside a new form of encryption that we haven't been able to see inside yet," Thompson said.

Windows users whose PCs are patched as of April 2007 are safe from the exploit, he said.

"[It] probably caught corporate users more than anyone," he added. "Corporate users tend not to patch as readily, while consumers tend to turn on auto patching."

It is unclear who perpetrated the attack, but the Russian Business Network – an internet service provider said to offer "bulletproof" web hosting, often allegedly to criminal groups – is a prime suspect.

Monster, in a statement, said it did not believe the malicious code attack affected many users.

"The malware was designed to make computers running it part of a spamming network," the statement said. "The virus is detectable by most major anti-virus software, and this issue should not affect users running Windows with the most recent security updates from Microsoft. In addition, we believe only an extremely small percentage of those using the site this week were potentially exposed prior to those pages being cleaned."

Monster also made news in August, when it said that hackers had penetrated its database and stolen personal information of job hunters. They then used that information to send targeted emails with fraudulent job postings, or attempted to deceive recipients into downloading malicious software.
