As seen in an article on PC World’s website, an information stealing trojan has been using the Monster.com job hunting service to steal contact information and other personal information from the site which it then uses to send Monster.com users a phishing like email. The email attempts to trick users into clicking on an infected link which will install one or two types of malware on the target system. This malware is then used to steal account information for a variety of online financial institutions as well as encrypting certain personal files on your system and holding them for ransom. As noted in the article, the malware included also creates a backdoor for the attacker to access your PC at will. The article lists one method for detecting the backdoor, another method is using the command prompt along with the command “netstat -an” which will give you a list of all active connections and open ports. If you see that port 6081 is open or actively listening, you may be infected.
As noted in my previous posts about Phishing, beware of links that you may find in emails. While the email may look perfectly legitimate, it could contain malicious material, as this one apparently does. Before clicking any links, hover over them with your mouse and be sure that they are actually taking you to a site that is legitimately owned by the company the email claims to be from (ex. links in an email from monster.com should take you to a site on the domain monster.com).
NOTE: This attack only affects monster.com users!
Share This
