Infected Job Search Sites Lead to Info Theft for 46,000

["Paul Ferguson" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via ComputerWorld.

[snip]

A security researcher at SecureWorks Inc. has uncovered a cache of
financial and personal data that was stolen from about 46,000 individuals
by a variant of Prg, a Trojan program gaining notoriety for its
quick-change behaviors.

The stolen data includes bank and credit card account information and
Social Security numbers as well as usernames and passwords for online
accounts. Many of the victims were infected and reinfected as they visited
several leading online job search sites, including the popular Monster.com.

Don Jackson, the SecureWorks researcher who found the collection, said it
was the largest single cache of data he discovered from the Prg Trojan, a
piece of malware first seen in the wild in June. According to Jackson, the
server he examined is still collecting stolen data, with up to 10,000
victims feeding it information at any particular time.

[snip]

More:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&tax
onomyName=security&articleId=9031139

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)

wj8DBQFGxfTBq1pz9mNUZTMRAq4OAKDiq9GGYnTqP7vIqW4jb2T2yQPY4QCdFfDF
NGN3ZszUylxJnR/GBZaD6LA=
=/zqA
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.