Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Hackers target recruitment sites for infecting visitors

Tier-3 : 13 June, 2008  (Technical Article)
High level positions targetted by hackers to by gaining access to their computers through infecting recruitment agency web sites
Tier-3 says that newswire reports that recruitment sites are being used by hackers to infect users with malware and other security threats reflect the increasingly devious approach that hackers are taking.

'MessageLabs have discovered that hackers are exploiting the current credit crunch, and the fact that many senior people's careers are stagnating as a result. They are luring people with the promise of new jobs and higher salaries, but all users end up with is an infected PC or worse,' said Geoff Sweeney, Tier-3's CTO.

According to Sweeney, the IT security vendors' research has uncovered a legitimate ad on a large Australian recruitment Web site that is being referenced by an RTF (rich text format) letter with an embedded Adobe PDF file.

'Internet users think the email and its associated RTF file are genuine, but they end up infecting their PCs with a Trojan that opens their machines up to remote hackers,' he said.

'Problems start to occur when users click through on the Adobe PDF and wait for their screen to update. This, of course, doesn't happen, but the machine is really being infected in the background,' added.

Sweeney went on to say that hackers appear to be targeting senior managers and even board level executives with the emails, As a result, the recipients think the email-shot is genuine and do not suspect anything.

We have witnessed this sort of attack vector in corporations now for sometime as the combination of social engineering and stealth malware has an extremely high infection rate as it lowers both the end users guard and can bypass most antivirus and content checking systems.

'The problem with these types of infection is that they are almost impossible to stop owing to human psychology. With behavioural analysis IT security technology, however, even if the user clicks on the embedded PDF, behavioural analysis software can recognize and suspicious activity immediately,' he explained.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo