Researchers at the security vendor detected the Trojan, called Infostealer.Monstres, which is accessing data from the online recruitment site.
According to an advisory on Symantec’s website, the Trojan spreads via email attachments and web pages exploiting browser and software vulnerabilities.
The malware uploaded the captured data to a remote web server, which contained over 1.6 million entries of personal information belonging to several hundred thousand people, mainly based in the US, the researchers said.
The hackers stole personal data including name, email address, home address, country of residence and telephone numbers, which were then uploaded to the server.
“Such a large database of highly personal information is a spammer’s dream,” Symantec said. “In fact, we found the Trojan can be instructed to send spam emails using a mail template from the server. The malware appears to be using the – probably stolen – credentials of a number of recruiters to login to the site and perform searches for resumes of candidates.”
The advisory reveals that the ntos.exe file used by Infostealer.Monstres is also employed by Trojan.Gpcoder.E, which has reportedly been used in phishing attacks against the US-based firm.
Symantec said that it has informed Monster.com of the security breach in order for the compromised accounts to be disabled.
Monster.com could not be reached for comment.
Thousands of Monster.com user details stolen
By Fiona Raisbeck on Aug 22, 2007 7:46AM