Monster Worldwide, the owner of employment search site Monster.com, warned job seekers late Wednesday that the company had discovered and shut down a rogue database that contained personal information culled from résumés posted on the site.
As reported by SecurityFocus, online fraudsters have used the database to craft personalized e-mails that purport to be a work-at-home job, but in reality are part of a scheme to steal funds from a bank account. The information found on the server included names, addresses, phone numbers and e-mail addresses, the company said.
"Protecting our users from malicious activity is one of Monster's top priorities," the company said in a statement. "Regrettably, opportunistic criminals are increasingly using the Internet for illegitimate purposes. This problem spans the Web, particularly impacting high profile, heavily trafficked websites that serve a variety of users on a global basis."
While Monster.com did not credit anyone with discovering the rogue server, it is likely the same data cache found by security firm Symantec, the owner of SecurityFocus. The statement issued after 6 pm ET Wednesday identified the malicious software under investigation as the Infostealer.Monstres Trojan horse, the name used by Symantec in a report of the threat last Friday. The program uses legitimate employer accounts on Monster.com to search for personal details of particular job candidates and stored that information on a server in Eastern Europe, the report said.
Monster.com has placed an advisory on its Web site warning users of the e-mail scam.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos