Infected Ads Victimizing Job Aspirants

Hackers are using the Prg Trojan to infect job seekers' computers, and the personal information of about 46,000 job seekers has been stolen from major job sites.

The hackers inject malicious recruitment ads into the leading online job sites, says Don Jackson, the SecureWorks researcher who discovered the Prg Trojan and its scheme, as published by SC Magazine on August 17, 2007.

According to Jackson, when a job seeker sees or clicks on such a malicious ad, his PC gets infected with the Trojan, which leaks the information he enters and sends it to the hacker's server in the Asia-Pacific region before it can reach the SSL (Secure Sockets Layer) protected sites. Jackson added that the stolen information includes names, Social Security numbers, bank and credit card account numbers, and online payment account usernames and passwords.

Jackson believes that the ad aggregators who sell the hackers' ads are unaware that these ads contain links to malicious sites. The malware on such sites exploits vulnerabilities in Windows, QuickTime and ActiveX controls to infect users' systems with executables that collect personal information such as passwords.

Jackson explains that anti-virus software is unable to find the executables because of the way they hide themselves, and also because the executables change frequently, about once a week on average, as the hackers behind the scam release new variants. Jackson adds that since anti-virus software is not good at catching this, the best way to protect oneself is to patch the operating system and everything else on the computer.

Computers attacked by the Prg Trojan have a back-door proxy server listening for connections on port 6081, said Jackson. Port 6081 isn't assigned to legitimate services and isn't hidden by the rootkit functionality, so if it is open on a user's computer, that computer has likely been attacked by the Prg Trojan.
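
The port check described above, as an added example that is not from SecureWorks or the original article: it parses Windows `netstat -ano` output and reports every TCP socket listening on port 6081 together with its owning PID. The sample output is constructed, and treating the proxy as a TCP listener is an assumption; the function names are hypothetical.

```python
import subprocess

PRG_PROXY_PORT = 6081  # back-door proxy port reported in the article

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:6081           0.0.0.0:0              LISTENING       1832
  TCP    192.168.1.20:49712     203.0.113.9:6081       ESTABLISHED     2210
  TCP    [::]:6081              [::]:0                 LISTENING       1832
  TCP    127.0.0.1:16081        0.0.0.0:0              LISTENING       3001
  UDP    0.0.0.0:6081           *:*                                    1500
"""


def find_listeners(netstat_text, port=PRG_PROXY_PORT):
    """Return (local_address, pid) for every TCP socket LISTENING on `port`."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 fields: proto, local, foreign, state, pid.
        # Headers and UDP rows (no state column) are skipped.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _, local, _, state, pid = fields
        # rpartition handles both 0.0.0.0:6081 and [::]:6081
        local_port = local.rpartition(":")[2]
        # Match the local port exactly, so 16081 or a remote 6081 is ignored.
        if state == "LISTENING" and local_port == str(port):
            hits.append((local, int(pid)))
    return hits


def scan_local_host():
    """Run netstat on this Windows machine and check its live output."""
    result = subprocess.run(["netstat", "-ano"],
                            capture_output=True, text=True, check=True)
    return find_listeners(result.stdout)


if __name__ == "__main__":
    for addr, pid in find_listeners(SAMPLE_NETSTAT):
        print(f"TCP listener on {addr}, PID {pid}: identify this process")
```

A hit is a lead to investigate rather than proof of infection; map the PID to its executable before acting on it.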

The remedy for victims whose anti-virus isn't detecting the infection is to boot their computers into Safe Mode and start an anti-virus scan. If that doesn't work, manual removal or reinstalling the OS may be required, concluded Jackson.

» SPAMfighter News - 9/3/2007