Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2009-01-23 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Monster.com and USAJobs.gov's databases compromised

Published: 2009-01-23
Last Updated: 2009-01-23 22:55:51 UTC
by Joel Esler (Version: 1)
1 comment(s)

We got a tip from a reader (thanks David!), that apparently Monster.com's database and USAJobs.gov's database was compromised and information was stolen.  To clarify, USAJobs.gov's database is ran by Monster, as outlined in their post here.

(Monster's press release is here.)

Quoting from USAJobs.gov's website:

"We recently learned that the Monster database was illegally accessed and certain contact and account data were taken, including user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. The information accessed does not include resumes. The accessed information does not include - sensitive data such as social security numbers or personal financial data."

So I am sure some phishing attempts will come of this, as both of the press releases allude to.

Monster states in their release that you will be required to change your password on the site soon.  So I'd recommend that you go ahead and do that proactively.  Don't use a password that you'd use anywhere else. (For those of you that use the same password on Monster.com and yourbankhere.com.  You know who you are!)

-- Joel Esler http://www.joelesler.net

Keywords:
1 comment(s)

iWork 2009 Trojan

Published: 2009-01-23
Last Updated: 2009-01-23 13:53:29 UTC
by Joel Esler (Version: 4)
0 comment(s)

It's already pretty widely reported in the media, take for instance here and here.

First reported by Intego, this trojan apparently is distributed by downloading Bittorrented copies of iWork 2009 from the Internet and installing them.  The Trojan is installed as part of the software package, by, yup, you guessed it, you giving the software permissions to install by giving it your password.

Apparently this backdoor opens a hole on your computer, reporting back to a central server in order to allow the attacker to connect and issue commands to your system.

So, what can we learn from this?

1)  If you Bittorrent software you are supposed to buy, and break the law in doing so...  you have to deal with the ramifications...

2)  Hey, you can download the Trial from Apple.com, and then buy it, and they give you a serial number!  You don't even have to go to the store to get a boxed copy!  You already spent the money and bought a mac, you cheapskate, now if you want iWork, spend the 79 bucks and buy it like you are supposed to.

Update:  Removed a phrase, people thought I was advocating Torrenting expensive software (as opposed to inexpensive).  Wrong.  It's illegal.

-- Joel Esler http://www.joelesler.net

Keywords:
0 comment(s)
Diary Archives