SecurityFocus 2007-08-22
Prospective workers that use job sites to gain exposure for their résumés may also be exposing their personal information to fraudsters, according to recent research by security companies.
On Friday, two security firms reported that malicious programs had stolen information on hundreds of thousands of people from Monster.com and other major online job-searching Web sites. Security company Symantec, the owner of SecurityFocus, reported on Friday that a program it had dubbed Infostealer.Monstres had used credentials for job site Monster.com to build a database of details on several hundred thousand people.
The same day, researchers from managed security firm SecureWorks described finding a large cache of data, representing information on almost 46,000 job seekers. That information had been stolen using a malicious program, which SecureWorks called the Prg Trojan, that infected victims through advertisements appearing on job-search sites, SecureWorks researcher Don Jackson said in a blog post.
"When I first discovered this large cache of data, I couldn't figure out how the hackers were compromising so many websites, and as a result, infecting so many victims," Jackson wrote. "However, when I uncovered the Trojan-injected advertisements, it made total sense."
The breaches appear to affect people who have posted their résumés online with Monster.com, CareerBuilder.com, and other services. The Trojan horse detected by Symantec includes hard-coded instructions for logging onto Monster.com and searching for the personal details of potential job applicants. Fraudsters have already started using the information to send more personalized e-mail messages. The information in the fraudulent messages appears to have been culled not only from Monster.com but also from other job sites, according to Symantec.
"You have a class of people that all have something in common -- they have submitted résumés to job databases," said Patrick Martin, senior product manager for Symantec. "That's the hook, as opposed to your average spam, where you might say, I have no interest in these pills or stocks, but this other message looks like it's from a real employer."
Monster.com could not immediately be reached for comment. A representative of CareerBuilder.com stated that the site had not been attacked, but that the e-mail scams seen by Symantec were likely playing off the assumption that people post their résumés on more than one job site.
The attacks are the latest warning to job sites and seekers that résumés have become valuable commodities in the underground economy. In 2005, a privacy watchdog warned that employment details were increasingly being used by identity thieves to open accounts in other people's names. Moreover, work details can help turn massive spam campaigns into far more effective targeted attacks. Earlier this year, a Trojan horse that posed as a complaint from the Better Business Bureau claimed thousands of victims after it was targeted at executive management at small and medium firms.