Monster.com Hacked. This Is Not A Repeat
Part of jobsearch giant Monster.com was yanked off the Internet for a short period on Monday after it was discovered that hackers had managed to redirect some Monster users to servers where they were exposed to an exploit that collected sensitive personal data from them.
The iFrame attack marred employment listings offered by some of the world's biggest companies, including Best Buy, Toyota Financial and Eddie Bauer, Thompson said. People who visited those listings were redirected to a server that hosted the exploits. The malicious javascript was encrypted, making it hard to know exactly how it behaved.
Monster.com has since scrubbed its pages clean of the offending code and restored the pages it took down, a spokesman said in a statement. The attack attempted to install malware that is commonly flagged by most anti-virus programs and "should not affect users running Windows with the most recent security updates from Microsoft," according to the statement. Only "an extremely small percentage of those using the site this week were potentially exposed prior to those pages being cleaned."
Just three months ago, criminals stole Monster.com user names for use in a targeted phishing attack. Monster promised to do better. Perhaps Monster could post a job a job opportunity notice for a few computer security workers. If only there was someplace on the web prospective candidates could trust to look for such a thing.
The iFrame attack marred employment listings offered by some of the world's biggest companies, including Best Buy, Toyota Financial and Eddie Bauer, Thompson said. People who visited those listings were redirected to a server that hosted the exploits. The malicious javascript was encrypted, making it hard to know exactly how it behaved.
Monster.com has since scrubbed its pages clean of the offending code and restored the pages it took down, a spokesman said in a statement. The attack attempted to install malware that is commonly flagged by most anti-virus programs and "should not affect users running Windows with the most recent security updates from Microsoft," according to the statement. Only "an extremely small percentage of those using the site this week were potentially exposed prior to those pages being cleaned."
Just three months ago, criminals stole Monster.com user names for use in a targeted phishing attack. Monster promised to do better. Perhaps Monster could post a job a job opportunity notice for a few computer security workers. If only there was someplace on the web prospective candidates could trust to look for such a thing.
