backtop


Print 30 comment(s) - last by Spacecomber.. on Sep 12 at 4:01 PM

A massive brute force attack, lasting for more than a week, threatens to compromise eBay's userbase

If the Monster.com compromise last week got you down, wait until the full details of eBay's current battle come to full light.  It's not been publically confirmed by eBay representatives, but the company is at war with a zombie network.

According to an interview with security experts on eWEEK, the botnet is hammering away at eBay in an attempt to brute force its way into accounts with financial and personal information. Aladdin Knowledge Systems claims this attack has been underway for at least one week.

 

The zombie infection itself seems to be very complex and designed to be loaded in pieces. Apparently 300 or so infected websites are disseminating the virus to visitors that use those websites. The virus then goes out to the web and pulls several pieces of information it needs to attack the eBay accounts.


Aladdin Knowledge Systems claims there are 4 or 5 stages to the Virus to gather everything it needs to launch and participate in the attack. It is currently unknown how many machines are infected and participating in this attack.  Aladdin Knowledge Systems first noticed the botnet attack when it was discovered by their eSafe SecureSurfing product that is marketed to ISP's to monitor and filter infected websites.

 

Additional details, including any database compromises, have not been disclosed.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: myspace as well
By Misty Dingos on 9/6/2007 3:57:13 PM , Rating: 2
Then perhaps the way to make a brute force attack work would be to accept that you don't know the password and don't care. Just use a program that attacks the code with every possible combination made possible by a standard key board. Keep it within the normal parameters of a password. Break that attack up within bot lines. Have your bots report back all failures and successes to another bot that emails you the results. Keep working the most successful avenues of attack and re-attack for bots that were disabled. If you can infect enough PCs to ease the work load on anyone bot then you have a way around Ebay's security. Gather a few hundred thousand accounts and sell a few here and there to bad people and retire to somewhere cheap that doesn’t support extradition to your home country.


"If they're going to pirate somebody, we want it to be us rather than somebody else." -- Microsoft Business Group President Jeff Raikes











botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki