Trojan Hidden on Job Search Sites Steals Personal Data

SecureWorks researchers have uncovered a cache of stolen data from 46,000 victims of a variant of the Prg Trojan that has been used to swipe personal information from unsuspecting visitors to job sites. Experts at the Atlanta-based security company said the information includes bank and credit card account numbers, social security numbers and passwords. The victims were infected—and in numerous cases re-infected—by ads on popular, online job sites, including during the past three months.

The hackers behind the attack are running ads on the sites and injecting those ads with the Trojan. When an user views or clicks on one of the malicious ads, their PC is infected and all the information entered into their browser, such as financial information entered before it reaches SSL protected sites, is captured and sent off to the hacker's server, according to SecureWorks researcher Don Jackson.

View: the full story
News source: eWeek

Report a problem with article
Previous Story

Fakes: Can You Tell The Difference?

Next Story

Asustek to start volume shipments of Eee PCs in September


Commenting is disabled on this article.

How does simply viewing the ad insert the malware? Is this due to the past buffer overflow exploit in the graphics library that renders images? That was patched months ago. What's the actual vector for this "infection"?