Warning: scam involving Monster.com

If you receive an email today that purports to be from Monster.com, and warns you that you need to download and install a “Monster Job Seeker Tool,” don’t do it. Forward the email to siteabuse@monster.com; it is a scam.

I immediately became suspicious when I saw this email, first because the grammar was so atrocious. When I saw that it contained a link to download an executable, I was even more suspicious, especially when I saw that the link itself pointed to a server that’s not part of Monster.com. So I reported it to them, and they confirmed that it is a scam targeting their users.

Of course I’m naturally cynical and suspicious about everything, but I worry about other folks out there who aren’t quite as savvy as I am. I suppose that’s how a lot of viruses get spread on the Internet, and computers get infected with spyware and other nasty things.

Advertisements

3 Responses to Warning: scam involving Monster.com

  1. Harsha says:

    Thank you for this info and the monster id (I already forwarded that email).
    Unfortunately, I executed this file.
    However, I had Spybot S&D installed and active and it warned me that the registry was modified and I was able to prevent it from changing it.
    I do hope that deleting that entry and preventing the registry change has fixed whatever that malicious program had done/tried to do.

    =====================
    It added this to the registry.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    “Userinit”=”C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\ntos.exe,”

    I had spybot on, so I kept getting this message if I wanted to allow the change, I did not allow it.
    However, I was not able to identify which process was initiating this.
    ==================

    After I deleted the offending key, something (either Windows or the spyware) added another entry.
    “Userinit”=”C:\\WINDOWS\\system32\\ntos.exe,”

    If it was Windows that added it, then I am guessing that the 2nd entry is the default entry that may have always been there.

    If not, then the malware was/is still in memory and added this ntos.exe information and the first part containing userinit.exe may have been the original value.

    Wish someone would post more info on this if they knew about it.

  2. MGilly says:

    Wow, Harsha, that sucks! Thanks for posting about your experience. From what I found by doing a Google search on “ntos.exe,” it sounds like that second entry is the normal one that Windows creates. Apparently if it’s deleted, you won’t be able to log into Windows anymore! This particular trojan was first observed in 2006, and then the new variant was noted recently. Hopefully some of the third-party tools should be able to fix it. I would check the forums at http://www.spywareinfo.com/ since they may be able to help.

  3. Jobmatchbox says:

    Let’s hope that major job board sites don’t the target of the next generation of Paypal and Ebay like phishing scams that are already widespread on the web.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: