Security Bytes

Nov 20 2007   8:31AM GMT

Monster.com hacked again

Leigha Leigha Cardwell Profile: Leigha

These continue to be risky times for those using Monster.com to search for jobs. You might remember that hackers targeted Monster.com with a massive phishing attack last August, stealing at least 1.6 million bank account records in the process. Now comes word that the bad guys nailed the site with an iframe injection attack Monday.

Roger Thompson, CTO at Exploit Prevention Labs, blogged that multiple brands appeared to be affected, including Eddie Bauer, GMAC Mortgage, BestBuy, Toyota Financial, and Tricounties Bank.

“It is … not clear how many pages were affected, but it is likely that the attack was the same for all companies on the Web site, which might turn out to be a pretty good set of Fortune 500 [companies],” he wrote, adding that his lab detected the attack as something cooked up using the Neosploit exploit package. “It is fairly well encrypted,” he said.

Fortunately, he said, Monster caught on quickly and yanked the affected pages down.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: