Monster.com falls victim to trojan attack
August 23, 2007
This is yet another example of how very clever hackers are infesting legitimate websites - what’s really scary is the untold number the security experts haven’t found yet… Brett @ TechGripe!
Recruitment website Monster.com has suffered a massive security breach, leaving thousands of users’ personal details exposed. The breach was reported yesterday, as a new trojan called Infostealer.Monstres was detected while uploading data from a remote server of the recruiter.
Symantec, which analysed a sample of the trojan, said that when it investigated the breach the remote server held over 1.6 million entries with personal information belonging to several hundred thousand people, mostly based in the US, who had posted their CVs on the site. The security vendor said: “We were very surprised that this low profile trojan could have attacked so many people.”
Upon investigation, Symantec said the trojan had gained access to the server through subdomain connections. These subdomains belong to the “Monster for employers” only site, the section used by recruiters and human resources personnel to search for potential candidates, post jobs to Monster and other related activities. This site requires recruiters to log in to view information on candidates.
See full article here. (Originally by Miya Knights and Rene Millman at ITPRO)



