shuts down rogue server linked to data theft shuts down rogue server linked to data theft

Summary: has shut down a rogue server that was accessing its database to hijack personal information from about 1.3 million job seekers.

TOPICS: Servers
9 shuts down rogue has shut down a rogue server that was accessing its database to hijack personal information from about 1.3 million job seekers.

In a statement issued today, the company said most of the affected job hunters were based in the U.S.

As previously reported, the information contained on this server was limited to names, addresses, phone numbers and email addresses. Based on Monster's thorough review, no other details, including bank account numbers, were uploaded.

Monster is working closely with the appropriate regulatory agencies and law enforcement authorities on this issue. Currently, the Company is reaching out to impacted individuals to alert them. As part of its communications, Monster is in the process of informing these individuals on the appropriate precautionary steps to protect themselves from any fraudulent emails claiming to be from Monster and asking for personal details.

The statement comes on the heels of Symantec's discovery of Infostealer.Monstres, a Trojan horse rigged to steal sensitive information from the compromised computer and targets users when they post data online.

According to Symantec's Amado Hildalgo, the rogue server was making connections to and, two sub-domains used by recruiters and human resources personnel to search for potential candidates and post jobs to Monster.

[The] Trojan appears to be using the (probably stolen) credentials of a number of recruiters to login to the Web site and perform searches for resumes of candidates located in certain countries or working in certain fields. The Trojan sends HTTP commands to the Web site to navigate to the Managed Folders section. It then parses the output from a pop-up window containing the profiles of the candidates that match this recruiter's saved searches.The personal details of those candidates, such as name, surname, email address, country, home address, work/mobile/home phone numbers and resume ID, are then uploaded to a remote server under the control of the attackers.

Topic: Servers

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Ya right...!

    I?ve been getting the same email spams for months.

    I knew the emails were spam and monster was notified.

    So who is the blame...?

    Apparently they need to downsize their IT Staff and get some NEW BLOOD..!
    Out with the OLD and in with the NEW..!

    CareerBuilder is just as bad. Emails saying they go my email off of CareerBuilder for jobs and they are not here in the US.
    etc etc...

    So they have my Information from a company that is supposed to help my job search go better and farther....

    What is drives license and social #..?
  • Yet another reason to avoid MS Technologies

    Not surprising they got hacked since they use IIS and .NET for their Web site. Just look - at [b]any web address with .asp or .aspx STEET CLEAR.[/b]

    It's yet another reason I won't do business with any company employing these technologies. And I always send their CS a letter indicating the reason I took my business elsewhere.

    Hopefully if more do this our information will be moved out of Microsoft technologies and into a more secure platform.
    Posted by: ITGuy04 Posted on: 08/24/07
    • Hear! Hear!

      As another IT Guy, I couldn't agree more. Companies that act like sheep and deploy
      insecure Microsoft technology "because everyone else does" deserve what they get.
      It's the Emperor's New Clothes, but it catches up with them eventually. Imagine all the
      enormous number of similar incidents that go completely unnoticed or unreported.
    • Wow... thanx for that

      I heard from Microsoft that the reason their company is almost bellyup is because if ITGuy04 not supporting companies that use MSoft technologies (like

      Every letter that ITGuy04 sent MSoft and those companies was immediately sent to the top - to Gates himself. I know for a fact Bill worried and fretted over ITGuy04's letters, knowing that, without ITGuy04's support, MSoft, Bill's beloved company, was sure to fail, since ITGuy04 pulling support for MSoft companies using .NET et al meant the death knell for so many companies.

      So many other companies using MSoft Technologies have likewise shivered in their boots upon hearing about ITGuy04's not doing business with any company using IIS and .NET. So many potential bankruptcies because of ITGuy04's diligence and persistent attitude.

      Way to go ITGuy04 - your words are power, and you are being heard in the hallowed halls of Microsoft...
      • He's not alone....

        That being said imagine how many letters and e-mails <i>are</i> being sent to those running IIS/.NET that care to do business especially <b>with in</b> the IT industry.
    • Message has been deleted.

    • Read the article again

      If you read the article the breach had nothing to do with the server side technology. Passwords were stolen by a trojan horse on a client machine, then they used the password to gain access to the site and use http requests to access the information.

      This would have happened no matter what server side technology would have been used.

      You critisicm in regard to this article is unfounded.
    • ITGuy04... you'd be fired

      You apparently can't read the obvious. The site itself isn't hacked. It is using legitimate, albeit stolen credentials to access the data. Legitimate but stolen creds work equally as well on an Apache server. Your argument would hold water better if you had argued about the relevance of the client's OS. IT must support the corporate vision and mission. It doesn't exist for any other reason. Unless your employer is in the ideology business you're limiting your career.
  • Somebody deleted my message

    It was something like this: "And by the way, ITGuy04... you are a complete ass."

    (Whomever edits these talkbacks is likewise, to be silly enough to delete such an innocuous statement)