Phishers Steal Monster.com Data - Shows Challenges in Database Monitoring
Taking a page from marketing practices, attackers stole information on 1.6 million individuals from Monster.com, which was then used for phishing attacks, according to Symantec.
The attack uses employer credentials to log in to the employer-only section of the site, queries the database for resumes with particular characteristics, parses the results and sends the personally identifying information to a server controlled by the attacker. The attack shows just how difficult it can be to detect database attacks: the query patterns in an attack can look just like legitimate queries.
Symantec noted:
Such a large database of highly personal information is a spammer’s dream. In fact, we found the Trojan can be instructed to send spam email using a mail template downloadable from the command & control server.
and
Furthermore, Trojan.Gpcoder.E has reportedly been spammed in Monster.com phishing emails. These emails were very realistic, containing personal information of the victims. They requested that the recipient download a Monster Job Seeker Tool, which in fact was a copy of Trojan.Gpcoder.E. This Trojan will encrypt files in the affected computer and leave a text file requesting money to be paid to the attackers in order to decrypt the files. The code for Gpcoder is rather similar to that of Monstres, which may indicate the same hacker group is behind both Trojans.
Monitoring database queries alone is not enough. A spokesman for Monster.com told Computerworld:
Many of our larger customers rely heavily on our database and their use may be similar to programmatic or scripted access.
Computerworld is reporting that the three pieces of malware used in this attack, Infostealer.Monstres, Banker.c, and Gpcoder.e, were likely produced by a single group of attackers:
"While their final purpose is different, their modus operandi is very similar, using identical filenames, creating the same system folder, injecting code into the same processes, and hooking the same system functions using rootkit techniques to gain control of network functionalities and to steal sensitive information," said Hidalgo. "They share code and a number of traits that could indicate they were developed by the same group or perhaps created using a kit."
Monitoring database queries is not enough, but monitoring other characteristics of a request, such as the IP address of the requester, can help flag anomalous activity.
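One way to act on that point, as an added example that is not from the original post and not Monster.com's own tooling: it aggregates employer-account resume searches by source IP and rows returned and compares them against an assumed per-account baseline, so a large customer scripting its usual searches from its usual address is not flagged, while the same query pattern from an address never seen for that account, pulling unusually large result sets, is. The log format, account names, IP addresses and baseline values are all constructed.

```python
import re
from collections import defaultdict

# Constructed access-log lines (not real Monster.com data): one employer-side
# resume search per line, with the account, source IP and rows returned.
SAMPLE_LOG = """\
2007-08-17T09:00:12 acct=bigcorp-hr ip=198.51.100.7 query=resume_search rows=200
2007-08-17T09:01:40 acct=bigcorp-hr ip=198.51.100.7 query=resume_search rows=200
2007-08-17T09:02:05 acct=bigcorp-hr ip=198.51.100.7 query=resume_search rows=200
2007-08-17T09:03:30 acct=smallshop ip=192.0.2.44 query=resume_search rows=20
2007-08-17T09:04:11 acct=smallshop ip=203.0.113.9 query=resume_search rows=500
2007-08-17T09:04:12 acct=smallshop ip=203.0.113.9 query=resume_search rows=500
2007-08-17T09:04:13 acct=smallshop ip=203.0.113.9 query=resume_search rows=500
"""

# Assumed per-account baseline learned from past activity: source IPs seen
# before and the typical number of rows returned per search.
BASELINE = {
    "bigcorp-hr": {"known_ips": {"198.51.100.7"}, "typical_rows": 200},
    "smallshop": {"known_ips": {"192.0.2.44"}, "typical_rows": 20},
}

LINE_RE = re.compile(r"^(\S+) acct=(\S+) ip=(\S+) query=(\S+) rows=(\d+)$")

def parse_log(text):
    """Yield (timestamp, account, ip, query, rows) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, acct, ip, query, rows = m.groups()
            yield ts, acct, ip, query, int(rows)

def flag_harvesting(events, baseline, rows_factor=5, min_searches=3):
    """Return {account: reason} for accounts whose resume searches come from an IP
    never seen for that account AND return far more rows than usual, repeatedly.
    Volume alone is deliberately not an alert: scripted use by a big customer
    from its known address looks the same as this in the query log."""
    agg = defaultdict(lambda: [0, 0])  # (account, ip) -> [searches, rows]
    for _ts, acct, ip, query, rows in events:
        if query == "resume_search":
            agg[(acct, ip)][0] += 1
            agg[(acct, ip)][1] += rows
    alerts = {}
    for (acct, ip), (n, total_rows) in agg.items():
        base = baseline.get(acct)
        if base is None or ip in base["known_ips"] or n < min_searches:
            continue
        avg_rows = total_rows / n
        if avg_rows >= rows_factor * base["typical_rows"]:
            alerts[acct] = f"{n} searches from unknown ip {ip}, avg {avg_rows:.0f} rows vs typical {base['typical_rows']}"
    return alerts
```

In production the baseline would be learned from historical access logs per account, and the same aggregation can be keyed on other request attributes the text mentions, such as client geography or session timing.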