Custom-built botnet steals eBay accounts
Online auction site eBay has been targeted by identity thieves, who are wielding a botnet that uses brute force to uncover valid account login info, an Israeli security company said Monday.
The attacks against eBay may have started as long ago as early August, said Ofer Elzam, of Aladdin Knowledge Systems Ltd. Elzam and his researchers have not been successful in notifying eBay of their weekend findings.
According to Elzam, the product manager of Aladdin's eSafe threat protection line, the brute force attacks are launched by a large botnet that the identity thieves have built using a sophisticated, multi-stage campaign that begins with compromised legitimate Web sites.
"My best estimate is that there are at least 300 compromised sites," said Elzam, who noted that the sites are spread worldwide and in several languages. Two sites are based in Israel, he said, including a price comparison Web site and another operated by one of the country's largest unions. Other sites identified in a search run with information provided by Elzam included scores of real estate Web sites in Florida and Massachusetts, and a Microsoft security message forum in Italian.
Seeding genuine Web sites with malware is nothing new, but the practice has been gathering steam this year. In June, for example, hackers launched a massive bot-building attack from more than 10,000 hijacked Web sites, most of them hosted in Italy.
"These sites are compromised by SQL injection vulnerabilities, and then IFRAME attack code is inserted," said Elzam, describing a common method of hacking legitimate Web sites and infecting their visitors. "The IFRAME code redirects visitors to other sites which host a Trojan," he added. The Trojan hijacks the PC and turns it into a zombie, or bot.
