Ukrainian Monster
Aug. 25th, 2007 01:30 pm
The last thing you need when you're unemployed is a bank account that's suddenly emptied. But that's exactly what some unwary users of employment search site Monster.com faced after identity thieves made off with the personal information of more than a million people looking for jobs.
This still-developing story has enough nooks and crannies to confuse a gumshoe, but some facts are clear: Monster's resume database was looted, and the personal information taken was used to forge convincing messages that deposited password-stealing Trojans and ransomware on users' PCs.
Calculated and ambitious, the attack is striking for how it blended several elements -- stolen credentials of legitimate users, phishing e-mails, Trojan horses, money mules and more -- into a slick assault.
"There are several other things which should raise flags," said Symantec's Thakur, "from how money would be transferred, what denominations the transactions have to happen in, to the fact that the company's Web site states that it is located in Russia while the hosting is in Ukraine."
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9032278&pageNumber=1
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9032518&pageNumber=1
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9032638&source=NLT_PM&nlid=8
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9033658&source=NLT_AM&nlid=1