Application security

Attackers steal user information

Security researchers at Symantec say the former. Kevin Mandia, a computer forensics expert, believes it might be the latter.

In any case, what is known is that a new trojan, called Infostealer.Monstres, was attempting to access the online recruitment website.

"The trojan appears to be using the [probably stolen] credentials of a number of recruiters to login to the website and perform searches for resumes of candidates located in certain countries or working in certain fields," Symantec researcher Amado Hidalgo said in blog post.

"The trojan sends HTTP commands to the website to navigate to the Managed Folders section," he added. "It then parses the output from a pop-up window containing the profiles of the candidates that match this recruiter's saved searches."

The trojan extracted personal information from the resumes and uploaded to a remote server, Symantec said. The researchers found 1.6 million pieces of compromised data on a single server. Separately, SecureWorks’ researchers found about a dozen smaller collections of stolen data, which included names and home and email addresses.

The perpetrators then used the collected email addresses to send phishing messages to job hunters whose information was stolen, SecureWorks said.

Mandia, chief executive officer of Mandiant, said he questions whether was in fact "hacked."

"I don't see any evidence that was hacked at all — it looks like a business process was compromised," he told today.

"I'm not convinced data theft is the right definition" for what occurred, he added. "This is a site that collects people's resumes that are publicly available. is a site that people pay to find perspective employees, and someone used an account for data mining so they could send spam. I would imagine something like this could have been happening for years."

Symantec said it has told of the problem so it can shut down the recruiter accounts stolen by the trojan.

A spokesperson did not return a telephone call seeking comment.


Click here to email West Coast Bureau Chief Jim Carr.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.