If you're new here, you may want to subscribe to my RSS feed. If you have any questions, please see my policies page or if you would like to contact me, you can do so here. You can find out more about me here. I sincerely thank you for visiting!

If you’re a user of Monster.com, you might want to check your computer for malware. Security Fix’s Brian Krebs is reporting that a group has stolen the identities of about 40,000 Monster users by planting trojan horses in advertisements on the site. The information includes SSNs, names, addresses, bank account info, and any other information that people put into Monster (I’m guessing the bank account info is from the student loan ads on the site). While some of the adverts required user interaction, it appears that some were sophisticated enough to run without prompting by the user and looked for known software vulnerabilities in Quicktime, Windows Media Player, or your web browser to deliver the payload.

The odd thing is that there is a possibility that the virus writers really did want to hire you. Another part of the trojan sends out work at home span that includes the virus. There is speculation that the groups want to hire people as part of work at home scams that typically end up with the “employee” unwittingly laundering funds or fencing stolen property.

As always, patch software vulnerabilities ASAP (the linked post has a link to tools that can help) and never, ever, ever, ever open up e-mails, much less attachments, from people you don’t know.