VJ: eBay Web attack using custom- built botnet | eBay users "ALERT"
"I write for the same reason I breathe. If I didn't, I would die."
Sir Issac Assimov,



Tuesday, November 20, 2007

eBay Web attack using custom- built botnet | eBay users "ALERT"


Digg it | Stumble it | Save to Del.ico.us |

Seeding genuine web sites with malware is nothing new, but the practice has been gathering steam this year.The site was compromised by SQL injection vulnerabilities and then IFrame attack code is inserted.Yet another sophisticated Web-based attack against eBay and its users is being investigated by a Tel Aviv-based security vendor that discovered a similar attack two months ago involving a custom-made bot designed to steal accounts.Ofer Elzam, Aladdin Knowledge Systems’ director of product management, says his firm has determined in the last few days that at least two Web sites, one called Save Our Planet and another called Nova Radio, appear to have been compromised with malicious code that combines to launch an attack against a site visitor. Aladdin Knowledge Systems Ltd.(NASDAQ: ALDN) announced that the Aladdin eSafe Content Security Response Team (CSRT) has uncovered significant new details surrounding the eBay botnet attack it first discovered on September 6, 2007 .The attack, which is one of the first of its kind to employ extremely complex, multi-stage attack methods, performs a distributed and covert brute force attack on eBay accounts in an effort to obtain personal information and/or items sold/purchased via the eBay site. Two new details provided by the Aladdin eSafe CSRT were made available this afternoon:

The goal of the re-attack today is to combine code to break in through the browser to the victim’s desktop and install a Trojan to collect eBay user account information, if it’s found, and connect to eBay to use that account information to commit fraud. “There are a chain of sites that work together,” says Elzam. “One Web page uses a trick with JavaScript to open a size-zero window, which takes content from a third-party site.” Elzam says Aladdin hasn’t yet been able to reach the operators of the Save Our Planet and Nova Radio sites- and notes that forty more Web sites may be tied to this attack, which is very fluid and changing-- but it has been in touch with eBay.



Support us by making a link back to this post or simply bookmark this post for us.
Link to this post:

0 comments on "eBay Web attack using custom- built botnet | eBay users "ALERT""

Add your comment. Please don't spam!
Subscribe in a Reader
Online Reference
Dictionary, Encyclopedia & more
Word:
Look in: Dictionary & thesaurus
Medical Dictionary
Legal Dictionary
Financial Dictionary
Acronyms
Idioms
Encyclopedia
Wikipedia
Periodicals
Literature
by:
Word of the Day

Article of the Day

Today's Birthday

In the News

Quote of the Day

Spelling Bee
difficulty level:
score: -
please wait...
 
spell the word:

Match Up
Match each word in the left column with its synonym on the right. When finished, click Answer to see the results. Good luck!

 

Hangman