Hundreds of thousands of people who went to Monster.com looking for jobs or new recruits got more than they bargained for when wily criminals used the site to silently install Trojans on unsuspecting users' computers.

The attacks, discovered by SecureWorks, worked by inserting advertisements at Monster.com that included a Trojan horse variant. The attack works similar to MPack-based attacks in that it tries to determine what vulnerabilities might exist on a user's computer and then sends a payload designed to exploit any vulnerabilities. The exploit in turn installs a Trojan that among other actions gathers personal information entered on the local keyboard. SecureWorks said it had located a server that stored the stolen personal information. "The data, which includes bank and credit card account information, \[social security numbers\], online payment account user names and passwords and other personal information, is from 46,000 victims who were all individually infected. The infection began in early May. The victims are being infected and reinfected by ads on various online job sites," wrote Don Jackson in SecureWorks' blog.

Symantec conducted research into the matter and discovered a server that contained data files with more than 1.6 million records "with personal information belonging to several hundred thousand people," according to Amado Hidalgo at Symantec.

Vikram Thakur at Symantec said the records might be used to conduct scams that include job offers to those whose personal information was stolen. According to email templates gathered by Symantec in its research of the Trojan, potential candidates would be required to open a bank account at a specific bank and then provide account details to the supposed employer. Such details could then be easily used to turn the account into a money mule or laundering facility.

Monster.com reportedly helped shut down one of the servers used to gather and store victims' personal information. In a security notice posted at the company's Web site, the company wrote, "We have recently become aware of a fraudulent email (claiming to be from Monster) that was sent to a large group of Internet users, including some of our customers. Although the fraudulent email may appear to be from Monster, it is actually a phishing attempt that will try to obtain personal information from you or lure you into downloading a malicious program. If you have clicked on a link in this email, we highly recommend that you run an anti-virus application to remove anything that may have been installed on your computer, and contact a Monster Representative to have your Monster account password changed."