« Cybercrime Gets Organized | Main | Podcast With Tizor Systems: Protecting Your Data From the Dangers of Web 2.0 »

Just noticed my blog from yesterday was completely nonsensical, as I left a quote open in a link and that ate up pert near fifty percent of yesterday’s blog. So if anyone was starting to wonder if the summer sun was affecting my brain, I recommend going back and reading yesterday’s blog here.

In what many have said will be the future of Internet attacks, Monster.com was the victim of a multi-staged attack that included both malware and social engineering, which Dr. Nazario spoke about in the final question of this podcast.

According to Symantec, the attack began with a Trojan horse they dubbed Infostealer.Monstres. The Trojan horse was posted on Monster’s Worldwide Inc’s job search service and managed to steal more the 1.6 records belonging to a few hundred thousand people. The thieves then took that data and used it to create some very specific phishing emails directed at the victims of the Monster data theft which, when opened, planted malware onto their machines.

The data stolen from Monster includes names, email addresses, home addresses, phone numbers and resume identification numbers. Infostealer.Monstres managed to infiltrate Monster by using legitimate log-ins, likely filched from recruiters and HR personnel who had access to the “Monster for employers” section of the website. Once in, the Trojan horse was able to run automated searches for resumes of people in specific locations or working in specific industries.

Once collected, that data was used to create very specific phishing emails. This represents a new level of social engineering, as the last surge of success came with the Storm Worm, which warned about deaths from recent storms. The more successful attacks using the data stolen from Monster instructed the recipient to download a program called “Monster Job Seeker Tool.”

The first bit of malware spread by the Monster.com attack was dubbed Banker.c, and featured a fairly standard Trojan horse designed to steal information by watching for log-ons and online banking accounts. When activated, the malware records the log-in info then transmits the specifics back to a central site.

Gpcoder.e is the second piece of malware spread by the Monster attack. The Gpcoder is known as “ransomware,” meaning it encrypts certain files on the infected user’s computer and holds the files hostage until the user pays a fee to unlock it.

While it was first reported that 46,000 people were reportedly infected by the attacks, other estimates say the number could climb much higher. "We are investigating the reports related to this Trojan and will take any necessary steps indicated by that investigation," Monster.com spokesman Steve Sylven said.

This is just an early example of what will become commonplace multistage attacks using information gained from various Web 2.0 applications to create convincing but false emails in the future.

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/2248