For the second time in four months, Monster.com's website has been victimized by hackers. The latest attack, believed caused by an IFRAME injection vulnerability, forced the jobs website to take part of its web presence offline Monday.
The outage impacted much of the Monster Company Boulevard, where job hunters search for positions by company. Businesses involved in the attack include Eddie Bauer, GMAC Mortgage, Best Buy, Toyota Financial Services, and Tri Counties Bank, said Roger Thompson, chief technology officer at Exploit Prevention Labs, one of the early detectors of the attack.
Monster was hit by an IFRAME that linked out to a site that was throwing exploits at users, Thompson told SCMagazineUS.com. The attack, which likely took advantage of a cross-site scripting vulnerability, likely was created using Neosploit, a hacking toolkit similar to Mpack.
"It's not clear exactly what exploits these are yet, because they infect the user's PC wrapped inside a new form of encryption that we haven't been able to see inside yet," Thompson said.
Windows users whose PCs are patched as of April 2007 are safe from the exploit, he said.
"[It] probably caught corporate users more than anyone," he added. "Corporate users tend not to patch as readily, while consumers tend to turn on auto patching."
It is unclear who perpetrated the attack, but the Russian Business Network – an internet service provider said to offer "bulletproof" web hosting, often allegedly to criminal groups – is a prime suspect.
Monster, in a statement, said it did not believe the malicious code attack affected many users.
"The malware was designed to make computers running it part of a spamming network," the statement said. "The virus is detectable by most major anti-virus software, and this issue should not affect users running Windows with the most recent security updates from Microsoft. In addition, we believe only an extremely small percentage of those using the site this week were potentially exposed prior to those pages being cleaned."
Monster also made news in August, when it said that hackers had penetrated its database and stolen personal information of job hunters. They then used that information to send targeted emails with fraudulent job postings, or attempted to deceive recipients into downloading malicious software.
