Researchers at SecureWorks have found a massive cache of sensitive data from over 46,000 victims of a Prg Trojan variant. What's odd about this particular case is that not only did they find lots of private data, but where the data came from.
“Experts at the Atlanta-based security company said the information includes bank and credit card account numbers, social security numbers and passwords. The victims were infected—and in numerous cases re-infected—by ads on popular, online job sites, including Monster.com during the past three months.”
The fact that the virus was getting around via a top-tier job hunting site, such as Monster.com, is quite disturbing. What's even more disturbing is what the virus does.
This particular variant likes to watch for any data that is on its way to a SSL connection, intercept it before it gets there, and then send a copy back to the hacker's server. Just what type of data would someone want to transfer over a SSL connection? Banking information would be a major candidate, as would online shopping.
Talk about adding insult to injury!