Monster.com Attacks Dawn Danger on Users

As reported by the researchers, on Monday 19, 2007, Monster.com got a part of its site offline because it had been hijacked by an IFrame attack used to distribute malware to the visitors with a multi-exploit attack kit.

Exploit Prevention Labs' Roger Thompson said that the outage severely impacted the Monster Company Boulevard, who fist noticed the interrupted service at about 5 pm on November 19, 2007 East Coast Time, as per the reports of The Register on November 20, 2007.

Many hours earlier, Roger found that the Website had been attacked by IFrame that was sending the Internet users to servers which hosted the Neosploit exploits, a malicious assault toolkit that poses competition to famous packages like Icepack and MPack. Roger was able to spot the attack by means of data mysteriously submitted with the LinkScanner (a product of Exploit Prevention Labs) that cautions the Internet browsers when they visit harmful online destinations.

Roger also informed that the attack by IFrame disfigured employment listings provided by the world's best companies, like Toyota Financial, Eddie Bauer and Best Buy. Users who visited these sites were sent to a server hosting the exploits. Further, the encryption of the malicious JavaScript made it difficult to know how it worked.

As per the records of the Internet, the hacker network RBN (Russian Business Network) may also be involved in this.

Roger claimed in an instant message exchange on November 19, 2007 night that an infective URL was http://company.monster.com/toyfs/ (Financial segment of Toyota], Or http://company.monster.com/bestbuy, (of Best Buy'), as per the reports of the Computer World on November 20, 2007.

Roger said in his blog that the number of pages affected is not known but the attack appears same for all the companies coming under the set of fortune 500, as per the reports of Computer World. Roger further confirmed no longer detection of the malicious IFrame by him.

A company spokesman said that Monster.com has cleared its pages off the unlawful code and retained pages it took along.

This is the second instance when Monster.com has fallen prey to attack. During late August, Monster.com has cautioned the users that spammers had stolen client names that were being attacked in extremely personalized spam and phishing attacks.

Related article: Minnesota To Make Amendments in its Cybercrime Laws

» SPAMfighter News - 12/3/2007