From the Washington Post:

“SecureWorks says that since May, more than 40,000 people have had their personal information stolen — including Social Security numbers, bank account data and job site credentials — thanks to a Trojan horse program that was planted in several advertisements running on the jobs site. According to Symantec, the malware steals sensitive data posted by victims to and then relays that information to a Web site controlled by the attackers.”

Symantec’s advisory won’t say what the spam looks like, but a rep from SecureWorks said the e-mails are typical work-at-home scams that include the Trojan as an attachment.

If you use the job site, make sure your computer is updated with all the latest software patches. And don’t respond to solicitations sent to you in e-mail from an unverified source.