Alert! Monster.com Serving Gameover Zeus


monster-pic

Researchers have discovered a new variant of the financial Trojan Gameover Zeus that specifically targets the worldwide employment website Monster.com. Users who are infected by this variant are at risk of having their Monster.com log-in credentials compromised.

How it Works

Gameover Zeus has long been known for its prowess as a financial Trojan. The malware usually spreads through targeted phishing emails, and once installed it can be used to perform fraudulent banking transactions and to connect users to botnets for DDOS attacks.

This new variant of the Trojan uses Man-in-the-Browser techniques to inject a fraudulent sign-in button and form into Monster.com’s sign-in page.

Users who click the fake sign-in button send their Monster.com username and password to the attacker. They are then redirected to a form with a series of fake security questions, such as “In what City / Town does your nearest sibling live?” and “What are the last 5 digits / letters of your driver’s license number?”

Why this is a Threat

In 2013, Zeus’s Gameover variant was responsible for approximately one-third of all computerized attacks on financial institutions.  Early last year, Zeus was also found connecting to LinkedIn, and just last month it was found circulating Salesforce.com. Zeus is dangerous because it enables direct, covert, theft of funds. In comparison, the collection of user log-in credentials and random facts gathered through fake security questions may seem trivial, but it is not.

Threat Mitigation

Gameover Zeus usually spreads through targeted phishing emails. As such, if an email contains a suspicious attachment, don’t open it. In this regard, hiring managers with active Monster.com accounts are most at risk because they likely receive numerous emails with attached resumes on a daily basis and likely have a lot of information about a lot of people on their Monster.com account. Regardless, anyone with a Monster account is at risk.

If you are worried that your computer may be infected by this latest variant, our experts in the Help, my PC is infected! Emsisoft Forum are always ready and willing to help. Our removal service is free, even if you are not an Emsisoft customer yet.

Those running Emsisoft Anti-Malware are automatically protected from this threat. Although this is indeed a new variant of Zeus with a new signature, our Behavior Blocking Technology  can identify novel threats based on the way they interact with your computer.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Have a Great (Monster Malware-Free) Day!

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next