During the week end, as reported by the security companies Symantec and SecureWorks, Monster.com, one of the largest recruitment sites, has suffered a security breach and a Trojan horse has stolen more than 1.6 million records of the people registered to the site.   

According to a post signed by Symantec security analyst Amado Hidalgo, the Trojan horse, called Infostealer.Monstres, appears to be using the credentials of a number of recruiters to login to the Web site and perform searches for resumes of candidates located in certain countries or working in certain fields.

The data retrieved by the Trojan are then used to target the Monster.com users with credible phishing mail that plants more malware on their machines

"The Trojan sends HTTP commands to the Monster.com Website to navigate to the Managed Folders section. It then parses the output from a pop-up window containing the profiles of the candidates that match this recruiter's saved searches," Hidalgo explained on Symantec’s blog.

The personal information filched from Monster.com includes names, e-mail addresses, home address, phone numbers and resume identification numbers, said Hidalgo.

Hidalgo also noted that the main file used by Infostealer.Monstres, ntos.exe, is also commonly used by Trojan.Gpcoder.E and both also have a similar icon for the executable file that reproduces the Monster.com company logo. Furthermore the code for Gpcoder is rather similar to that of Monstres, which may indicate the same hacker group is behind both Trojans.

Symantec quickly informed Monster.com about their discoveries and the security company advises users to protect their identity when using recruitment sites, or at least limit their exposure to identity theft,  by limiting the contact information posted on these sites and never disclosing sensitive details such as your Social Security number, passport or driver’s license numbers, bank account information.

"We are investigating the reports related to this Trojan and will take any necessary steps indicated by that investigation," Monster.com spokesman Steve Sylven said Sunday in an e-mail.