Gameover Malware Targets Job Seekers

Soulskill posted about 5 months ago | from the game-over-man,-game-over dept.

Security 42

itwbennett writes: "A new variant of the Gameover computer Trojan is targeting job seekers and recruiters by attempting to steal log-in credentials for Monster.com and CareerBuilder.com accounts. Like the Zeus banking malware on which it is based, Gameover can steal log-in credentials and other sensitive information by injecting rogue Web forms into legitimate websites when accessed from infected computers. 'A computer infected with Gameover ZeuS will inject a new 'Sign In' button [into the Monster.com sign-in page], but the page looks otherwise identical,' security researchers from antivirus firm F-Secure said Tuesday in a blog post."
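An added example, not part of the original story or of F-Secure's post: one way a site operator could flag the kind of injected sign-in control described above is to compare the form controls in the HTML the server sent with those in the page the browser rendered. The markup, the `constructedHandler` name and the function names are constructed for illustration.

```javascript
// Added example. All markup and names here are constructed for illustration.
const CONTROL_TAG = /<(form|input|button|script|iframe)\b([^>]*)>/gi;
const ATTR = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
// Attributes that decide where credentials are sent or what code runs.
const KEYS = ["id", "name", "type", "action", "src", "onclick"];

// Reduce every control in the markup to a fingerprint such as
// "input[name=pass,type=password]".
function fingerprints(html) {
  const out = [];
  for (const tagMatch of html.matchAll(CONTROL_TAG)) {
    const attrs = {};
    for (const a of tagMatch[2].matchAll(ATTR)) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? "";
    }
    const parts = KEYS.filter((k) => k in attrs).map((k) => `${k}=${attrs[k]}`);
    out.push(`${tagMatch[1].toLowerCase()}[${parts.join(",")}]`);
  }
  return out;
}

// Multiset difference: controls only in the rendered page are "injected",
// controls only in the served page are "missing".
function diffControls(servedHtml, renderedHtml) {
  const remaining = new Map();
  for (const fp of fingerprints(servedHtml)) {
    remaining.set(fp, (remaining.get(fp) || 0) + 1);
  }
  const injected = [];
  for (const fp of fingerprints(renderedHtml)) {
    const n = remaining.get(fp) || 0;
    if (n > 0) remaining.set(fp, n - 1);
    else injected.push(fp);
  }
  const missing = [];
  for (const [fp, n] of remaining) {
    for (let i = 0; i < n; i++) missing.push(fp);
  }
  return { injected, missing };
}

// Constructed sign-in form as served, and as rendered with a swapped button.
const served = `<form id="login" action="/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
  <button type="submit" id="signin">Sign In</button>
</form>`;
const rendered = served.replace(
  '<button type="submit" id="signin">',
  '<button type="button" id="signin2" onclick="constructedHandler()">'
);

console.log(diffControls(served, rendered));
```

Malware that controls the browser can also tamper with a check running in the page, so a mismatch reported this way is a detection signal for the operator rather than a guarantee for the user.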

42 comments

rushed target selection? (5, Funny)

Tablizer (95088) | about 5 months ago | (#46589149)

What kind of genius thief selects the unemployed to steal from? What's next, Pinto owners?

Re:rushed target selection? (1)

Joe_Dragon (2206452) | about 5 months ago | (#46589163)

to send out word docs loaded with word macro virus

Re: rushed target selection? (0)

Anonymous Coward | about 5 months ago | (#46589243)

Maybe the plan is to get SSN, address, DoB and other info required to apply for credit?

Re: rushed target selection? (-1)

Anonymous Coward | about 5 months ago | (#46589495)

And because Republicans believe in punishing victims you'll be screwed over twice. I know blaming ID theft victims isn't in the same league as how they blame rape victims, but it's the same concept.

Re: rushed target selection? (-1)

Anonymous Coward | about 5 months ago | (#46589815)

Hey LIBTARD! Republicans don't blame victims, that's the Muslim countries you want us to be like that blame victims.

Re: rushed target selection? (-1)

Anonymous Coward | about 5 months ago | (#46592383)

Muslim nations are conservative. Ruled by religious law, oppress women, hate gays, punish people for sex. Sounds like republicans to me.

Re:rushed target selection? (4, Funny)

Beardo the Bearded (321478) | about 5 months ago | (#46589297)

Yeah, that's what I was thinking. Are you going to steal my no money? Go right ahead.

It's like... if someone breaks into my house looking for money and valuables, I'll hand out flashlights, turn on the lights, and we'll all look together.

My CC is maxed, my LOC is full, my mortgage is full, and my savings are nil. Nothing like getting laid off just after finishing up a divorce.

Re:rushed target selection? (2)

drinkypoo (153816) | about 5 months ago | (#46590081)

My CC is maxed, my LOC is full, my mortgage is full, and my savings are nil. Nothing like getting laid off just after finishing up a divorce.

Yeah, you say that, but if you can find a corrupt court then you can do anything. For example, some Mexican gave some other Mexican a car under my social security number. No, like, they're both really Mexican, I'm just kinda Mexican. And then a court in Nevada City, CA went ahead and awarded a judgment against me on the basis of a check cashing card with my social written on it. I haven't bothered to deal with it because I'm not trying to buy a house or anything, but I'll probably have to drive for four fucking hours to get to court in a place even more bumfucked than where I live now in order to deal with it if I don't just leave the country and let them jerk off over this supposed debt until the country collapses. Still undecided, but leaning that way.

Re:rushed target selection? (0)

Anonymous Coward | about 5 months ago | (#46590173)

You are always useful if someone manages to get you arrested and given a long sentence in the US prison system. The private prison system where every day of incarceration is making money for big business.

So, even if flat busted, you are worth at least $60,000 a year because that is what the state will pay to a private company to warehouse you.

Re:rushed target selection? (0)

Anonymous Coward | about 5 months ago | (#46590613)

Then monster.com delivered on the work. win-win

Re:rushed target selection? (0)

Anonymous Coward | about 5 months ago | (#46589309)

Less likely to have funding and such to fight back? It is expensive to be poor.

Re:rushed target selection? (1)

rmdingler (1955220) | about 5 months ago | (#46589373)

Not everyone looking for a job is currently unemployed, of course, and it may have more to do with security vulnerabilities at Monster and CareerBuilders than potential individual targets.

Re:rushed target selection? (4, Insightful)

moschner (3003611) | about 5 months ago | (#46589573)

Not only are many who are looking for a job already employed, but job sites are a treasure trove of personal information. People post resumes with nearly everything but their SSN. They also give out phone numbers and email addresses of people they know.

And if you know people are looking for a job, what kinds of jobs, and can then build targeted phishing that looks like a job offer/application, get the person to give you their SSN and information, then sell it or use it.

Re: rushed target selection? (0)

Anonymous Coward | about 5 months ago | (#46589473)

But they're the perfect target for that reason. Republicans don't care about the poor so this will never be investigated.

Re:rushed target selection? (0)

Anonymous Coward | about 5 months ago | (#46589633)

Maybe they steal your credentials and use them to attain employment... seriously, it explains some of my coworkers...

Re:rushed target selection? (0)

Anonymous Coward | about 5 months ago | (#46589697)

What kind of genius thief selects the unemployed to steal from?

They're not trying to steal from you.

Dice just wants your details to send more spam.

Re:rushed target selection? (1)

niftymitch (1625721) | about 5 months ago | (#46590141)

What kind of genius thief selects the unemployed to steal from? What's next, Pinto owners?

Many unemployed still have stuff to steal: identity, credit line, bank account, unemployment checks,..
what they do not have is money to tempt the dark side... (legal types) to defend and advocate for them.

There have been many analyses of the reason it is low risk and profitable to steal bicycles but
not $10,000.00 from a bank.

If the police end up in the presence of cash at the home of a thief they impound it
and the home and more and slip it ALL into the coffers of the municipality/ controlling agency.

So crook "A" has stolen $500,000.00 and they smash the door down for
one theft of $10,000.00 now $490,000.00 goes into the pockets of one group
of crooks armed by your tax dollars and sure $10,000.00 goes back to the
one "known victim". Bicycles... what is the value of having 1000 more of them to the cops?

Re:rushed target selection? (1)

mmell (832646) | about 5 months ago | (#46590567)

The terrible part is - the poor make better targets than the rich. They're less likely to perceive the importance of monitoring their credit rating and financial standing; if a thief can open one line of credit anywhere with the stolen identity, he's won - and a poor individual is not only less likely to catch the fraud quickly, they're less likely to have the resources to force their new "creditors" to admit they've been duped.

Re:rushed target selection? (1)

PPalmgren (1009823) | about 5 months ago | (#46591835)

It's not about being rich, it's about being desperate and gullible. Getting a little from 1 out of 20 is better than getting a lot from one out of 20,000.

Re:rushed target selection? (1)

Technician (215283) | about 5 months ago | (#46593131)

Not everyone on Monster is unemployed.

I fired my last boss. It was a pay increase, addition of medical, dental, paid relocation, etc.
Sometimes it is a way to transition from a bad job match.

Re:rushed target selection? (1)

Vitriol+Angst (458300) | about 5 months ago | (#46594773)

It's not actually that stupid. As a job seeker, I've been worried about this for some time. You basically give someone the "keys to the kingdom" to put your resume and contact info online. It's a lot of exposure. I've seen the same job advertised for months and months on end -- can they find nobody qualified -- or are they fishing for info? It's hard to tell legitimate from crook today, because there isn't that much distinction in behavior.

I had a call from a company that does contract consulting for a larger "allegedly more legitimate" company -- and they wanted my social security information before even having an interview - on the phone. I asked if there were a way to have a face-to-face without handing out the SS data -- nope. I also asked the parent company and they said; "yes, this was standard." I don't want to work for a company that makes this practice standard -- but then again, I do want to work at some point.

How do I know there isn't another person doing work right now from India using my name? That's the thing -- you aren't stealing money from a job-hunter -- you are stealing their identity and qualifications and providing cheap labor. The company can look the other way and pay less, and the "alleged crook" can make a buck with labor and the American worker gets screwed.

With a little imagination, I can think of a lot of ways to make money posting jobs that never hire and gathering information from job seekers. Now someone hacking the system to steal my data -- that's only a new added risk for me it's not that much worse than the current system to hunt for a job.

Well that's one way to discourage using those sites (0)

Anonymous Coward | about 5 months ago | (#46589151)

CB was the first job seeker site to leak my email to spammers.
Monster.com has been a cesspool for attracting misguided recruiters for ages.

Contracted malware while searching for jobs... (1)

Onuma (947856) | about 5 months ago | (#46589287)

...that's one surefire way NOT to get hired, especially for IT or infosec types of positions.

Craig's List doesn't have any of these problems (3, Informative)

turkeydance (1266624) | about 5 months ago | (#46589303)

that's what i was told via an iPad.

Re:Craig's List doesn't have any of these problems (1)

viperidaenz (2515578) | about 5 months ago | (#46589641)

Is that the iPad you won for being the 1,000,000,000th visitor?

What if (1)

invictusvoyd (3546069) | about 5 months ago | (#46589389)

The person clicking the "button" was applying in the computer security domain. Would clicking the "sign in" button disqualify him?

This is an enhancement (1)

TrollstonButterbeans (2914995) | about 5 months ago | (#46589443)

Monster.com is mostly robot email spam hell with equally useless job listings.

So this just builds character and makes the site more intriguing and entertaining, kind of like how adding a Wookie makes a Star Wars bar scene more fun.

IMPOSSIBLE (0)

Billly Gates (198444) | about 5 months ago | (#46589457)

It is impossible to get 0wned unless you physically download something and run it! Ask any Slashdotter?

We all know that running unpatched and ancient browsers like Firefox 3.6 with +100 exploits will not get you owned as that your Anti virus is useless! Just don't open things folks. As long as you do not run the latest IE which is patched you should be fine.
/

Re:IMPOSSIBLE (0)

Anonymous Coward | about 5 months ago | (#46590135)

It says nowhere they use a 0day, you silly billy.
Unless you run Windows you'd have to download the source code, port it, compile it and then run it to get infected with this. Hardly worth the effort. And anyone still using an ancient browser version with known vulnerabilities is asking for trouble.

Test (-1)

Anonymous Coward | about 5 months ago | (#46589479)

https://www.youtube.com/watch?v=e4ry9zJkVF8

Only on windows. (1)

Lumpy (12016) | about 5 months ago | (#46589525)

Chromebooks, Linux and OSX are left immune.

I am tired of being left out of all this fun, anyone have the email of the author so I can complain?

Re:Only on windows. (0)

Anonymous Coward | about 5 months ago | (#46589845)

There are plenty of exploit kits and rootkits for Linux. I don't think chromebooks have enough marketshare for even the most desperate of malware writers to target, OSX is also increasingly targeted. So I guess if you want to be safe go chromebooks, Avoid Linux and Windows and probably OSX too.

Re:Only on windows. (0)

Anonymous Coward | about 5 months ago | (#46591547)

The fact that you can not save anything to the drive that is executable makes a chromebook 100% immune to any attacks. now if you enable developer mode, then it can have the potential. Or if you can get your malware accepted as clean in the Google plugin store.

The best "haxors" on the planet couldn't own a chromebook even if they put all their efforts into it. It was the only thing left standing at the Pwn2Own competitions.

Re:Only on windows. (1)

Opportunist (166417) | about 5 months ago | (#46590981)

Sorry, but Malware follows the laws of the market. Supply and demand. As long as your exotic out of the world system has an insignificant market share, no Malware for you, buddy.

Re:Only on windows. (0)

Anonymous Coward | about 5 months ago | (#46591229)

This is the best reason to run Windows RT.

Doesn't (& CAN'T) affect me... apk (-1)

Anonymous Coward | about 5 months ago | (#46589535)

How/Why? Well... lol, YOU know -> Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):

---

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o... [start64.com]

(Details of hosts' benefits enumerated in link)

Summary:

---

A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/commen... [slashdot.org]

B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comme... [slashdot.org] w/ less added "moving parts" complexity + room 4 breakdown,

C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).

---

* Addons are more complex + slowup browsers in message passing (use a few concurrently & see) - Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts (A tightly integrated PART of the IP stack itself)

APK

P.S.=> Per my subject-line above: Especially since my program's sources ACTIVELY TRACK Zeus & its variants - many times daily...

...apk

Thank heavens we have dice! (-1)

Anonymous Coward | about 5 months ago | (#46589617)

Oh what would we *ever* do without the benevolent Dice Holdings Inc to save us from the onslaught of malware on *other* job sites! If only they were to "improve" this site as well with some sort of a "Beta" version that would equally protect us from the children! Or is it for the Children? Either way, Beta us for our own Good!

I don't mind (0)

Anonymous Coward | about 5 months ago | (#46589739)

Go ahead and take me for everything I'm not worth, you'll be a dollarnaire.

Fep6? (-1)

Anonymous Coward | about 5 months ago | (#46590815)

Mr. Raymond's this is consistent Myself. This isn't volume of NetBSD if you don't beyond the scOpe of share, this news in eternity...Romeo

What are they going to steal? (1)

Arancaytar (966377) | about 5 months ago | (#46592835)

Resumes?

Seriously???!!!? (0)

Anonymous Coward | about 5 months ago | (#46594509)

kick a guy when he's down!!!
