The server contained the names, addresses, phone numbers and email addresses of Monster.com job seekers "primarily located in the United States," Monster.com said in a prepared statement. Monster.com did not say where the server was located.
Symantec said that it had located a server containing 1.6 million records of hundreds of thousands of Monster.com users. Monster.com, however, said it was still working to pinpoint the exact number of people affected by the breach and that it "will be contacting them as appropriate."
According to Symantec, unknown individuals stole the log-in information for companies looking for employees, then used that information to access Monster.com's job-seeker database.
The automated Infostealer.Monstres trojan transmitted the job-seeker information to the server.
In the final step of the multi-stage attack, the Monster.com users were sent emails with links to at least two forms of malware.
One attempts to harvest log-in details for financial sites; the second tries to encrypt data on the user's PC, then demands a ransom to decode the data.
The company warned visitors to its website to "contact us to verify its legitimacy" should they receive an email asking them "to download a tool or update your account or access agreement."
It also urged visitors to "run an anti-virus application to remove anything that may have been installed on your computer, and contact a Monster Representative to have your Monster account password changed," if they believe they clicked on a link in one of the fraudulent email messages.
"Regrettably, opportunistic criminals are increasingly using the Internet for illegitimate purposes," Monster.com said. "This problem spans the web, particularly websites that receive heavy traffic and serve a variety of users.
All online companies are susceptible to occasional scams. While Monster makes every effort to prevent this abuse, it is not immune to such activity."
Monster takes down 'pirate' server with stolen user information
By Jim Carr on Aug 24, 2007 10:40AM