Gameover computer Trojan takes hold of Monster.com accounts

Job seekers who put their information onto websites like Jobsite.co.uk will be thinking twice before adding their CVs to any similar sites after news spread that Monster.com accounts are being targeted by a new version of the Gameover computer Trojan.

The Trojan attempts to steal login information from users of Monster.com and CareerBuilder.com by creating a false login screen in the user’s browser. Security researchers from F-Secure highlighted the malware, which is based on the infamous Zeus banking malware that used to inject rogue login screens into infected machines when users went to access legitimate banking websites.

“A computer infected with Gameover ZeuS will inject a new ‘Sign In’ button [into the Monster.com sign-in page], but the page looks otherwise identical,” a representative from F-Secure told us.

Once the user has entered their authentication details into the rogue screen, another page appears asking for sensitive information in the form of security questions, which the screen says need answering before users can progress to their account. These answers could be used if the real Monster.com site asks the hackers to verify the account user’s identity when they later access the user’s account.

Targeting Monster.com is a new development for hackers, but CareerBuilder.com has been under attack before. Aside from candidates, recruiters using these systems should also be wary, especially if their login is attached to a spending budget or a bank account.

F-Secure’s researchers have suggested that further security precautions should be taken. “It wouldn’t be a bad idea for sites such as Monster to introduce two factor authentications beyond mere security questions.”

The Gameover Trojan program has been around for a while now. In February it was announced by Malcovery Security that Gameover was being distributed as an encrypted .enc file, which allowed it to bypass network defences. There hasn’t been any comment from Monster.com or from CareerBuilder.com, but if your information is on there you should be careful when logging in.

