
Monster takes down ‘pirate’ server with stolen user information

August 24, 2007

The server contained the names, addresses, phone numbers and email addresses of Monster.com job seekers "primarily located in the United States," Monster.com said in a prepared statement. The company did not say where the server was located.

Reports early in the week from security vendor Symantec said researchers had located a server containing 1.6 million records of hundreds of thousands of Monster.com users. The company, however, said it was still working to pinpoint the exact number of people affected by the breach and that it "will be contacting them as appropriate."

According to Symantec, unknown individuals stole the login information for companies looking for employees, then used that information to access Monster.com's job-seeker database. The automated Infostealer.Monstres trojan transmitted the job-seeker information to the server.

In the final step of the multi-stage attack, the Monster.com users were sent emails with links to at least two forms of malware. One attempts to harvest login details for financial sites, while the second tries to encrypt data on the user's PC, then demands a ransom to decode the data.

The company warned visitors to its website to "contact us to verify its legitimacy" should they receive an email asking them "to download a tool or update your account or access agreement."

It also urged visitors to "run an anti-virus application to remove anything that may have been installed on your computer, and contact a Monster representative to have your Monster account password changed," if they believe they clicked on a link in one of the fraudulent email messages.

"Regrettably, opportunistic criminals are increasingly using the internet for illegitimate purposes," Monster.com said. "This problem spans the web, particularly websites that receive heavy traffic and serve a variety of users. All online companies are susceptible to occasional scams. While Monster makes every effort to prevent this abuse, it is not immune to such activity."

 

Click here to email West Coast Bureau Chief Jim Carr.