Phony Job Ad Nets More Stolen Identities - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Information Management

Phony Job Ad Nets More Stolen Identities

The data apparently is being stolen and stockpiled by one hacker group using the latest variance of the Prg Trojan.

Last week, a security company reported that it found about 100,000 stolen identities hidden away in a dozen caches spread across the globe. Now it seems that number may be a fraction of the amount that hackers have stolen and socked away.

Researchers at Symantec have found another major database of information. This one contains 1.6 million pieces of facts such as names, addresses, mobile phone numbers, and name of employers. The number correlates to data pieces, not 1.6 million victims, said Dave Cole, director of Symantec's Security Response team.

It's still unclear how many stolen identities -- how many victims of identity theft -- the information in that cache represents, added Cole.

"This is a spammer's dream," Cole said in an interview with InformationWeek. "You've all this fresh data. ... We see stolen data all the time. In terms of shock value, this is a lot of data, for sure. Is it the most complete data we've ever seen? No, I don't think so."

This new cache of stolen data seems to be connected to the 12 caches that security researchers at SecureWorks reported finding last week. The data is apparently being stolen and stockpiled by one hacker group using the latest variance of the Prg Trojan, which also is known as Ntos, Tcp Trojan, Zeus, Infostealer.Monstres, and Banker.aam.

The largest cache that SecureWorks found contained the stolen identities of 46,000 people.

The stolen data, which includes bank and credit card account information, Social Security numbers, online payment account user names, and passwords, comes from victims who were all individually infected with the Trojan beginning in early May.

Don Jackson, a researcher with security company SecureWorks, said in an interview that the latest variant of the Prg Trojan has been running on fraudulent ads on at least two online job sites. One, he said, is Representatives from Monster did not return a request for an interview.

Symantec's Cole, who said Monster has been working with his company on the case, added that legitimate Web sites are often conned into running phony and malicious ads. "These types of attacks can happen to pretty much any kind of site," he said. "Complex and robust Web sites are pulling information from different areas. Presenting a safe and secure commercial site ... is a lot harder than it used to be."

A spokeswoman for SecureWorks pointed out that the hackers seem to be using different attack vectors -- both malicious ads and e-mails that are being sent to Monster users.

Cole also said he's not seeing nearly as much activity going on now for the Prg Trojan and thinks the hackers have gone underground to ride out some of the media and security attention they're getting right now.

"It may pop back up when the coast is clear," he added. "It's reasonable to say it's a lot of the same people using different tactics. They'll probably go quiet for a while and then pop back up on another site."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll