Gameover Malware Targets Job Seekers

← Back to Stories (view on slashdot.org)

Gameover Malware Targets Job Seekers

Posted by Soulskill on Wednesday March 26, 2014 @12:12PM from the game-over-man,-game-over dept.

itwbennett writes: "A new variant of the Gameover computer Trojan is targeting job seekers and recruiters by attempting to steal log-in credentials for Monster.com and CareerBuilder.com accounts. Like the Zeus banking malware on which it is based, Gameover can steal log-in credentials and other sensitive information by injecting rogue Web forms into legitimate websites when accessed from infected computers. 'A computer infected with Gameover ZeuS will inject a new 'Sign In' button [into the Monster.com sign-in page], but the page looks otherwise identical,' security researchers from antivirus firm F-Secure said Tuesday in a blog post."

42 comments

Min score:

Reason:

Sort:

rushed target selection? by Tablizer · 2014-03-26 12:17 · Score: 5, Funny

What kind of genius thief selects the unemployed to steal from? What's next, Pinto owners?

--
Table-ized A.I.
1. Re:rushed target selection? by Joe_Dragon · 2014-03-26 12:19 · Score: 1
  
  to send out word docs loaded with word macro virus
2. Re: rushed target selection? by Anonymous Coward · 2014-03-26 12:32 · Score: 0
  
  Maybe the plan is to get SSN, address, DoB and other info required to apply for credit?
3. Re:rushed target selection? by Beardo+the+Bearded · 2014-03-26 12:43 · Score: 4, Funny
  
  Yeah, that's what I was thinking. Are you going to steal my no money? Go right ahead.
  It's like... if someone breaks into my house looking for money and valuables, I'll hand out flashlights, turn on the lights, and we'll all look together.
  My CC is maxed, my LOC is full, my mortgage is full, and my savings are nil. Nothing like getting laid off just after finishing up a divorce.
  
  --
  
  ---
  ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
4. Re:rushed target selection? by Anonymous Coward · 2014-03-26 12:46 · Score: 0
  
  Less likely to have funding and such to fight back? It is expensive to be poor.
5. Re:rushed target selection? by rmdingler · 2014-03-26 13:00 · Score: 1
  
  Not everyone looking for a job is currently unemployed, of course, and it may have more to do with security vulnerabilities at Monster and CareerBuilders than potential individual targets.
  
  --
  Happiness in intelligent people is the rarest thing I know.
  Ernest Hemingway
6. Re: rushed target selection? by Anonymous Coward · 2014-03-26 13:24 · Score: 0
  
  But they're the perfect target for that reason. Republicans don't care about the poor so this will never be investigated.
7. Re:rushed target selection? by moschner · 2014-03-26 13:47 · Score: 3, Insightful
  
  Not only are many who are looking for a job already employed, but job sites are a treasure trove of personal information. People post resumes with nearly everything but their ssn. They also give out phone numbers and email address of people they know.
  And if you know people are looking for a job, what kinds of jobs, and can then build targeted phishing that looks like a job offer/application, get the person to give you their SSN and information, then sell it or use it.
8. Re:rushed target selection? by Anonymous Coward · 2014-03-26 14:04 · Score: 0
  
  Maybe they steal your credentials and use them to attain employment... seriously, it explains some of my coworkers...
9. Re:rushed target selection? by Anonymous Coward · 2014-03-26 14:18 · Score: 0
  
  What kind of genius thief selects the unemployed to steal from?
  They're not trying to steal from you.
  Dice just wants your details to send more spam.
10. Re:rushed target selection? by drinkypoo · 2014-03-26 15:35 · Score: 2
  
  My CC is maxed, my LOC is full, my mortgage is full, and my savings are nil. Nothing like getting laid off just after finishing up a divorce.
  Yeah, you say that, but if you can find a corrupt court then you can do anything. For example, some mexican gave some other mexican a car under my social security number. No, like, they're both really Mexican, I'm just kinda Mexican. And then a court in Nevada City, CA went ahead and awarded a judgment against me on the basis of a check cashing card with my social written on it. I haven't bothered to deal with it because I'm not trying to buy a house or anything, but I'll probably have to drive for four fucking hours to get to court in a place even more bumfucked than where I live now in order to deal with it if I don't just leave the country and let them jerk off over this supposed debt until the country collapses. Still undecided, but leaning that way.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
11. Re:rushed target selection? by niftymitch · 2014-03-26 15:47 · Score: 1
  
  What kind of genius thief selects the unemployed to steal from? What's next, Pinto owners?
  Many unemployed still have stuff to steal: identity, credit line, bank account, unemployment checks,..
  what they do not have is money to tempt the dark side... (legal types) to defend and advocate for them.
  There have been many analysis of the reason it is low risk and profitable to steel bicycles but
  not $10,000.00 from a bank.
  If the police end up in the presence of cash at the home of a thief they impound it
  and the home and more and slip it ALL into the coffers of the municipality/ controlling agency.
  So crook "A" has stolen $500,000.00 and they smash the door down for
  one theft of $10,000.00 now $490,000.00 goes into the pockets of one group
  of crooks armed by your tax dollars and sure $10,000.00 goes back to the
  one "known victim". Bicycles... what is the value of having 1000 more of them to the cops?
  
  --
  Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
12. Re:rushed target selection? by Anonymous Coward · 2014-03-26 15:55 · Score: 0
  
  You are always useful if someone manages to get you arrested and given a long sentence in the US prison system. The private prison system where every day of incarceration is making money for big business.
  So, even if flat busted, you are worth at least $60,000 a year because that is what the state will pay to the a private company to warehouse you.
13. Re:rushed target selection? by mmell · 2014-03-26 17:33 · Score: 1
  
  The terrible part is - the poor make better targets than the rich. They're less likely to perceive the importance of monitoring their credit rating and financial standing; if a thief can open one line of credit anywhere with the stolen identity, he's won - and a poor individual is not only less likely to catch the fraud quickly, they're less likely to have the resources to force their new "creditors" to admit they've been duped.
14. Re:rushed target selection? by Anonymous Coward · 2014-03-26 17:57 · Score: 0
  
  Then monster.com delivered on the work. win-win
15. Re:rushed target selection? by PPalmgren · 2014-03-27 00:44 · Score: 1
  
  Its not about being rich, its about being desperate and gullible. Getting a little from 1 out of 20 is better than getting a lot from one out of 20,000.
16. Re:rushed target selection? by Technician · 2014-03-27 03:36 · Score: 1
  
  Not everyone on Monster is unemployed.
  I fired my last boss. It was a pay increase, addition of medical, dental, paid relocation, stc.
  Sometimes it is a way to transition from a bad job match.
  
  --
  The truth shall set you free!
17. Re:rushed target selection? by Vitriol+Angst · 2014-03-27 06:31 · Score: 1
  
  It's not actually that stupid. As a job seeker, I've been worried about this for some time. You basically give someone the "keys to the kingdom" to put your resume and contact info online. It's a lot of exposure. I've seen the same job advertised for months and months on end -- can they find nobody qualified -- or are they fishing for info? It's hard to tell legitimate from crook today, because there isn't that much distinction in behavior.
  I had a call from a company that does contract consulting for a larger "allegedly more legitimate" company -- and they wanted my social security information before even having an interview - on the phone. I asked if there were a way to have a face-to-face without handing out the SS data -- nope. I also asked the parent company and they said; "yes, this was standard." I don't want to work for a company that makes this practice standard -- but then again, I do want to work at some point.
  How do I know there isn't another person doing work right now from India using my name? That's the thing -- you aren't stealing money from a job-hunter -- you are stealing their identity and qualifications and providing cheap labor. The company can look the other way and pay less, and the "alleged crook" can make a buck with labor and the American worker gets screwed.
  With a little imagination, I can think of a lot of ways to make money posting jobs that never hire and gathering information from job seekers. Now someone hacking the system to steal my data -- that's only a new added risk for me it's not that much worse than the current system to hunt for a job.
  
  --
  >>"ad space available -- low rates!!!"
Well that's one way to discourage using those site by Anonymous Coward · 2014-03-26 12:17 · Score: 0

CB was the first job seeker site to leak my email to spammers.
Monster.com has been a cesspool for attracting misguided recruiters for ages.
Contracted malware while searching for jobs... by Onuma · 2014-03-26 12:39 · Score: 1

...that's one surefire way NOT to get hired, especially for IT or infosec types of positions.

--
What else can happen when an unstoppable force collides with an immovable object?
Craig's List doesn't have any of these problems by turkeydance · 2014-03-26 12:45 · Score: 3, Informative

that's what i was told via an iPad.
1. Re:Craig's List doesn't have any of these problems by viperidaenz · 2014-03-26 14:07 · Score: 1
  
  Is that the iPad you won for being the 1,000,000,000th visitor?
What if by invictusvoyd · 2014-03-26 13:03 · Score: 1

The person clicking the "button" was applying in the computer security domain . Would clicking the "sign in" button disqualify him ?
This is an enhancement by TrollstonButterbeans · 2014-03-26 13:19 · Score: 1

Monster.com is mostly robot email spam hell with equally useless job listings.

So this is just builds character and makes the site more intriguing and entertaining, kind of like how adding a Wookie makes a Star Wars bar scene more fun.

--
Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
IMPOSSIBLE by Billly+Gates · 2014-03-26 13:21 · Score: 0

It is impossible to get 0wned unless you physically download something and run it! Ask any slashdoter?
We all know that running unpatched and ancient browsers like Firefox 3.6 with +100 exploits will not get you owned as that your Anti virus is useless! Just don't open things folks. As long as you do not run the latest IE which is patched you should be fine.
/

--
http://saveie6.com/
1. Re:IMPOSSIBLE by Anonymous Coward · 2014-03-26 15:46 · Score: 0
  
  It says nowhere they use a 0day, you silly billy.
  Unless you run Windows you'd have to download the source code, port it, compile it and then run it to get infected with this. Hardly worth the effort. And anyone still using an ancient browser version with known vulnerabilities is asking for trouble.
Only on windows. by Lumpy · 2014-03-26 13:37 · Score: 1

Chromebooks, Linux and OSX are left immune.
I am tired of being left out of all this fun, anyone have the email of the author so I can complain?

--
Do not look at laser with remaining good eye.
1. Re:Only on windows. by Anonymous Coward · 2014-03-26 14:42 · Score: 0
  
  There are plenty of exploit kits and rootkits for Linux. I don't think chromebooks have enough marketshare for even the most desperate of malware writers to target, OSX is also increasingly targeted. So I guess if you want to be safe go chromebooks, Avoid Linux and Windows and probably OSX too.
2. Re:Only on windows. by Opportunist · 2014-03-26 20:46 · Score: 1
  
  Sorry, but Malware follows the laws of the market. Supply and demand. As long as your exotic out of the world system has an insignificant market share, no Malware for you, buddy.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
3. Re:Only on windows. by Anonymous Coward · 2014-03-26 22:07 · Score: 0
  
  This is the best reason to run Windows RT.
4. Re:Only on windows. by Anonymous Coward · 2014-03-26 23:54 · Score: 0
  
  The fact that you can not save anything to the drive that is executable makes a chromebook 100% immune to any attacks. now if you enable developer mode, then it can have the potential. Or if you can get your malware accepted as clean in the Google plugin store.
  The best "haxors" on the planet couldn't own a chromebook even if they put all their efforts into it. It was the only thing left standing at the Pwn2Own competitions.
I don't mind by Anonymous Coward · 2014-03-26 14:25 · Score: 0

Go ahead and take me for everything I'm not worth, you'll be a dollarnaire.
What are they going to steal? by Arancaytar · 2014-03-27 03:02 · Score: 1

Resumes?
Seriously???!!!? by Anonymous Coward · 2014-03-27 06:00 · Score: 0

kick a guy when he down!!!
Doesn't (& CAN'T) affect me... apk by Anonymous Coward · 2014-03-27 11:12 · Score: 0

How/Why? Well... lol, YOU know -> Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):
---
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?o...
(Details of hosts' benefits enumerated in link)
Summary:
---
A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/commen...
B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comme... w/ less added "moving parts" complexity + room 4 breakdown,
C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).
---
* Addons are more complex + slowup browsers in message passing (use a few concurrently & see) - Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts (A tightly integrated PART of the IP stack itself)
APK
P.S.=> Per my subject-line above: Especially since my program's soruces ACTIVELY TRACK Zeus & it's variants - many times daily...
... apk