monster.com hacked

"Portions of Monster.com went black on Monday after attackers hijacked job listings hosted on the popular employment website and used them to spread malware to visitors, a security researcher said."

...

"the site had been subject to an iFrame attack that was redirecting visitors to servers that hosted exploits from Neosploit, a nasty attack toolkit that competes with better-known packages such as MPack and Icepack."

Yes, the site is reported as being clean at the time the report went live, but here's the problem.  We don't know if those responsible for the Monster web site have been able to work out how the bad guys were able to get in and add malicious code to the web site.  If those responsible for the Monster site don't know how it happened, and if they haven't taken steps to ensure it doesn't happen again, then, going on historical incidents, Monster could be hacked again very quickly.

Source: http://www.theregister.co.uk/2007/11/20/latest_monster_security_breach/

Published Wed, Nov 21 2007 7:36 by sandi