Slashdot Mirror


Gameover Malware Targets Job Seekers

itwbennett writes: "A new variant of the Gameover computer Trojan is targeting job seekers and recruiters by attempting to steal log-in credentials for Monster.com and CareerBuilder.com accounts. Like the Zeus banking malware on which it is based, Gameover can steal log-in credentials and other sensitive information by injecting rogue Web forms into legitimate websites when accessed from infected computers. 'A computer infected with Gameover ZeuS will inject a new 'Sign In' button [into the Monster.com sign-in page], but the page looks otherwise identical,' security researchers from antivirus firm F-Secure said Tuesday in a blog post."


  1. rushed target selection? by Tablizer · · Score: 5, Funny

    What kind of genius thief selects the unemployed to steal from? What's next, Pinto owners?

    1. Re:rushed target selection? by Joe_Dragon · · Score: 1

      to send out word docs loaded with word macro virus

    2. Re:rushed target selection? by Beardo+the+Bearded · · Score: 4, Funny

      Yeah, that's what I was thinking. Are you going to steal my no money? Go right ahead.

      It's like... if someone breaks into my house looking for money and valuables, I'll hand out flashlights, turn on the lights, and we'll all look together.

      My CC is maxed, my LOC is full, my mortgage is full, and my savings are nil. Nothing like getting laid off just after finishing up a divorce.

      --
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    3. Re:rushed target selection? by rmdingler · · Score: 1

      Not everyone looking for a job is currently unemployed, of course, and it may have more to do with security vulnerabilities at Monster and CareerBuilders than potential individual targets.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    4. Re:rushed target selection? by moschner · · Score: 3, Insightful

      Not only are many who are looking for a job already employed, but job sites are a treasure trove of personal information. People post resumes with nearly everything but their SSN. They also give out phone numbers and email addresses of people they know.

      And if you know people are looking for a job, what kinds of jobs, and can then build targeted phishing that looks like a job offer/application, get the person to give you their SSN and information, then sell it or use it.

    5. Re:rushed target selection? by drinkypoo · · Score: 2

      My CC is maxed, my LOC is full, my mortgage is full, and my savings are nil. Nothing like getting laid off just after finishing up a divorce.

      Yeah, you say that, but if you can find a corrupt court then you can do anything. For example, some Mexican gave some other Mexican a car under my social security number. No, like, they're both really Mexican, I'm just kinda Mexican. And then a court in Nevada City, CA went ahead and awarded a judgment against me on the basis of a check cashing card with my social written on it. I haven't bothered to deal with it because I'm not trying to buy a house or anything, but I'll probably have to drive for four fucking hours to get to court in a place even more bumfucked than where I live now in order to deal with it if I don't just leave the country and let them jerk off over this supposed debt until the country collapses. Still undecided, but leaning that way.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    6. Re:rushed target selection? by niftymitch · · Score: 1

      What kind of genius thief selects the unemployed to steal from? What's next, Pinto owners?

      Many unemployed still have stuff to steal: identity, credit line, bank account, unemployment checks,..
      what they do not have is money to tempt the dark side... (legal types) to defend and advocate for them.

      There have been many analyses of the reason it is low risk and profitable to steal bicycles but
      not $10,000.00 from a bank.

      If the police end up in the presence of cash at the home of a thief they impound it
      and the home and more and slip it ALL into the coffers of the municipality/ controlling agency.

      So crook "A" has stolen $500,000.00 and they smash the door down for
      one theft of $10,000.00 now $490,000.00 goes into the pockets of one group
      of crooks armed by your tax dollars and sure $10,000.00 goes back to the
      one "known victim". Bicycles... what is the value of having 1000 more of them to the cops?

      --
      Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
    7. Re:rushed target selection? by mmell · · Score: 1

      The terrible part is - the poor make better targets than the rich. They're less likely to perceive the importance of monitoring their credit rating and financial standing; if a thief can open one line of credit anywhere with the stolen identity, he's won - and a poor individual is not only less likely to catch the fraud quickly, they're less likely to have the resources to force their new "creditors" to admit they've been duped.

    8. Re:rushed target selection? by PPalmgren · · Score: 1

      It's not about being rich, it's about being desperate and gullible. Getting a little from 1 out of 20 is better than getting a lot from one out of 20,000.

    9. Re:rushed target selection? by Technician · · Score: 1

      Not everyone on Monster is unemployed.

      I fired my last boss. It was a pay increase, addition of medical, dental, paid relocation, etc.
      Sometimes it is a way to transition from a bad job match.

      --
      The truth shall set you free!
    10. Re:rushed target selection? by Vitriol+Angst · · Score: 1

      It's not actually that stupid. As a job seeker, I've been worried about this for some time. You basically give someone the "keys to the kingdom" to put your resume and contact info online. It's a lot of exposure. I've seen the same job advertised for months and months on end -- can they find nobody qualified -- or are they fishing for info? It's hard to tell legitimate from crook today, because there isn't that much distinction in behavior.

      I had a call from a company that does contract consulting for a larger "allegedly more legitimate" company -- and they wanted my social security information before even having an interview - on the phone. I asked if there were a way to have a face-to-face without handing out the SS data -- nope. I also asked the parent company and they said; "yes, this was standard." I don't want to work for a company that makes this practice standard -- but then again, I do want to work at some point.

      How do I know there isn't another person doing work right now from India using my name? That's the thing -- you aren't stealing money from a job-hunter -- you are stealing their identity and qualifications and providing cheap labor. The company can look the other way and pay less, and the "alleged crook" can make a buck with labor and the American worker gets screwed.

      With a little imagination, I can think of a lot of ways to make money posting jobs that never hire and gathering information from job seekers. Now someone hacking the system to steal my data -- that's only a new added risk for me it's not that much worse than the current system to hunt for a job.

      --
      >>"ad space available -- low rates!!!"
  2. Contracted malware while searching for jobs... by Onuma · · Score: 1

    ...that's one surefire way NOT to get hired, especially for IT or infosec types of positions.

    --
    What else can happen when an unstoppable force collides with an immovable object?
  3. Craig's List doesn't have any of these problems by turkeydance · · Score: 3, Informative

    that's what i was told via an iPad.

    1. Re:Craig's List doesn't have any of these problems by viperidaenz · · Score: 1

      Is that the iPad you won for being the 1,000,000,000th visitor?

  4. What if by invictusvoyd · · Score: 1

    The person clicking the "button" was applying in the computer security domain. Would clicking the "sign in" button disqualify him?

  5. This is an enhancement by TrollstonButterbeans · · Score: 1

    Monster.com is mostly robot email spam hell with equally useless job listings.

    So this just builds character and makes the site more intriguing and entertaining, kind of like how adding a Wookie makes a Star Wars bar scene more fun.

    --
    Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
  6. Only on windows. by Lumpy · · Score: 1

    Chromebooks, Linux and OSX are left immune.

    I am tired of being left out of all this fun, anyone have the email of the author so I can complain?

    --
    Do not look at laser with remaining good eye.
    1. Re:Only on windows. by Opportunist · · Score: 1

      Sorry, but Malware follows the laws of the market. Supply and demand. As long as your exotic out of the world system has an insignificant market share, no Malware for you, buddy.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  7. What are they going to steal? by Arancaytar · · Score: 1

    Resumes?