Big hack today
It seems that company.monster.com suffered some sort of iframe injection attack today. Our SearchShield prevalence data has detected multiple brands affected, including Eddie Bauer, GMAC Mortgage, BestBuy, Toyota Financial, Tricounties Bank as hacked and iframing out to an exploit server.
It was probably just today, as it wasn't showing up yesterday, and was not in any search engine cache that we could see.
Monster has already taken the pages offline. Yay, Monster.
We detect it as the Neosploit exploit package. It is fairly well encrypted, so it's not yet clear exactly what exploits are in use. We'll post more information as we figure that out.
It is also not clear how many pages were affected, but it is likely that the attack was the same for all companies on the website, which _might_ turn out to be a pretty good set of Fortune 500.
A couple of individual researchers noticed it at about the same time we did, but I'm not sure if they can be mentioned / want to be mentioned, so I'll reserve that for the moment.
Labels: monster exploit