Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Custom-built botnet steals eBay accounts

Brute-force identity theft may have started in early August, claims researcher

September 4, 2007 12:00 PM ET

Computerworld - Online auction site eBay has been targeted by identity thieves, who are wielding a botnet that uses brute force to uncover valid account log-in information, a Tel Aviv-based security company said Monday.

The attacks against eBay Inc. may have started as long ago as early August, said Ofer Elzam. He said that he and other researchers at Aladdin Knowledge Systems Ltd. have not been successful in notifying eBay of their weekend findings.

According to Elzam, the product manager of Aladdin's eSafe threat-protection line, the brute-force attacks are launched by a large botnet that the identity thieves have built using a sophisticated, multistage campaign that begins with compromised legitimate Web sites.

"My best estimate is that there are at least 300 compromised sites," said Elzam, who noted that they are spread worldwide and in several languages. Two sites are based in Israel, he said, including a price-comparison Web site and another operated by one of the country's largest unions. Other sites identified in a search run with information provided by Elzam included scores of real estate Web sites in Florida and Massachusetts, and a Microsoft security message forum in Italian.

Seeding genuine Web sites with malware is nothing new, but the practice has been gathering steam this year. In June, for example, hackers launched a massive bot-building attack from more than 10,000 hijacked Web sites, most of them hosted in Italy.

"These sites are compromised by SQL injection vulnerabilities, and then IFrame attack code is inserted," said Elzam, describing a common method of hacking legitimate Web sites and infecting their visitors. "The IFrame code redirects visitors to other sites which host a Trojan," he added. The Trojan horse hijacks the PC and turns it into a zombie, or bot.

"This is a very sophisticated, very complex attack," Elzam claimed, ticking off obfuscation techniques, multipart malware downloads and encryption among the tactics used by the thieves.

The resulting botnet is being used to call an eBay application programming interface (API) with pairs of possible usernames and passwords, said Elzam. The API allows the Trojan horse-infected PC -- the bot -- to communicate directly with the eBay database using XML-formatted code. If the database contains the username-password pair, it responds, which the Trojan horse notes, then later transmits to a hacker controlled server.

With enough username-password combinations -- the brute-force part of the attack -- the criminals can uncovering a limited number of real credentials.

"Each bot may be using as few as six pairs of usernames and passwords" in an attempt to come in under the security radar of eBay, said Elzam. "I don't think that eBay is even aware of the attack. The distributed nature of the attack may make it look like a merchant sending confirmations to buyers," he said.



Jump to comments

eBay

Additional Resources

EFD vs. HDD - What You Need to Know
WHITE PAPER
Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.
Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009
WHITE PAPER
The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.
Eight Criteria for Server Load Balancing
WHITE PAPER
Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.

What People Are Saying

White Papers & Webcasts

Death to PST Files
Download Now  

Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".

eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!  

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...


IT Jobs