A security firm has revealed that hackers are targeting companies utilizing services of Monster Jobs, a well-known job portal, through a new variant of the Gameover computer Malware.
Gameover, the malware infecting the employment portal, is similar to the infamous Zeus banking malware whose source code was leaked in 2011. The Trojan steals log-in credentials and other sensitive information by injecting false web forms into the legitimate website when accessed from infected computers.
F-Secure, a security firm that analyzes the virus, phishing, spyware and spam attacks, has reported on its blog that the malware controls the accounts of the victim through a two-phase attack.
Sean Sullivan, the F-Secure security analyst, notes that the hackers first infect the victim’s system with the malware.
Gameover Zeus gets installed in the usual fashion from bait of some sort: spam or malvertising, exploit kit, bot installer. Once installed Gameover is able to grab information from forms – so the username and passwords as they are typed,” said the analyst.
A computer infected with Gameover Zeus will inject a new ‘Sign In’ button [into the Monster.com sign-in page], but the page looks otherwise identical,” he added.
In the second phase of the attack, the hackers try to gain control over the remaining sensitive information through using a fake security check. This page asks them to select and answer three security questions out of 18. The complete list of questions is available on the F-Security blog.
The blog warned the recruiters to be alert about any such irregularities.
HR recruiters with website accounts should be wary of any such irregularities. If the account is potentially tied to a bank account and a spending budget, it’s a target for banking Trojans,” said the blog.
V3, a technology news site, did try to contact Monster about the malware attack, but was unable to elicit any response from them.
V3 reports that it is unclear how many victims have been ensnared from the attack and quotes Sullivan, as saying, “It’s a peer-to-peer botnet so it’s tricky to count.”
He also added, “There is some excellent analysis from Dell SecureWorks, which details about 24,000 Gameover bots, in July 2012. I haven’t seen any attempts to count the entire Gameover botnet recently, but I’m sure it’s still in the multiple tens of thousands.”
F-Secure feels that Monster could easily contain the malware infiltration if it adopts a robust authentication system that goes beyond mere security questions, perhaps a two-factor authentication.
The two-factor authentication is an increasingly common security protocol adopted by numerous online service providers like Tumblr, Twitter, and Dropbox.
Gameover Trojan programs have recently increased in their activities.
Another security firm, Malcovery Security, reported in early February about a new variant of Gameover being distributed as encrypted .enc file.
During the same month, analysts from Sophos discovered another Gameover variant with a kernel-level rootkit component.