Job seekers are likely to be familiar with monster.com, a popular job search and online recruitment web site that is the second largest job search engine in the US, with roughly 42 million job seekers per month posting their resumes on the website-that is about 42 million people willingly providing their contact details and additional personal information to be reviewed by potential employers.
Of course there is nothing wrong with this picture but then again a Trojan-assisted security breach happens and then you have big problems on your hands.
Recently, a new information-stealing Trojan has turned up, this time targeting monster.com subscribers. This new Trojan apparently logs in to monster.com using a compromised account that is meant for employers who want to review resumes. Once it has gained access, the Trojan harvests the information contained within monster.com resume database, siphoning off names, home and mobile phone numbers, home addresses and email addresses into a remote server.
The remote server contains a file counter.txt which lists the number of compromised resume entries.
As of now 1,599,675 entries have been compromised. It is possible that the Trojan was created to harvest email addresses for the use of spammers.
Trend detects this Trojan as TSPY_MAMAW.A. For security purposes, we advise users who subscribe to such online recruitment website to provide minimal contact information. When providing an email address, use one that is separate from the personal email address that you often use to avoid being spammed.