Print 30 comment(s) - last by Spacecomber.. on Sep 12 at 4:01 PM

A massive brute force attack, lasting for more than a week, threatens to compromise eBay's userbase

If the compromise last week got you down, wait until the full details of eBay's current battle come to full light.  It's not been publically confirmed by eBay representatives, but the company is at war with a zombie network.

According to an interview with security experts on eWEEK, the botnet is hammering away at eBay in an attempt to brute force its way into accounts with financial and personal information. Aladdin Knowledge Systems claims this attack has been underway for at least one week.


The zombie infection itself seems to be very complex and designed to be loaded in pieces. Apparently 300 or so infected websites are disseminating the virus to visitors that use those websites. The virus then goes out to the web and pulls several pieces of information it needs to attack the eBay accounts.

Aladdin Knowledge Systems claims there are 4 or 5 stages to the Virus to gather everything it needs to launch and participate in the attack. It is currently unknown how many machines are infected and participating in this attack.  Aladdin Knowledge Systems first noticed the botnet attack when it was discovered by their eSafe SecureSurfing product that is marketed to ISP's to monitor and filter infected websites.


Additional details, including any database compromises, have not been disclosed.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: myspace as well
By Spivonious on 9/6/2007 4:14:22 PM , Rating: 2
Even then it's still possible to "guess" the random password. It's all number crunching.

Try all one letter combinations, then all two letter combinations, then all three letter combinations, etc.

I would think this would be much more efficient than trying to guess full words.

RE: myspace as well
By AlvinCool on 9/6/2007 4:37:57 PM , Rating: 2
So how long do you think that would take for a 12 digit password. Just using numbers and lower case/caps thats 61 possible combinations per slot and 12 slots. With just 6 slots and about the same number of combinations, for the lottery, thats a 1 in 170 million chance of hitting. I'm not fantastic with math but wouldn't that put it in like 1 in a trillion or more for 12 slots? Anyone good at math want to figure that? And it doesn't report back hits or misses on indivual characters. It's all or nothing. I , personally, think you guys are way too confident on a brute force attack if the proper password patterns are employed.

RE: myspace as well
By Master Kenobi on 9/7/2007 8:49:24 AM , Rating: 2
I bet they started each account attack with "password" and I bet they got in on quite a few.

RE: myspace as well
By AlvinCool on 9/7/2007 9:39:03 AM , Rating: 2
I totally agree. If it were me I'l attack with all common passwords then attack again with numbers from 0 - 9 at the end. I would think you could rack up on accounts that way in a short period of time

"I'm an Internet expert too. It's all right to wire the industrial zone only, but there are many problems if other regions of the North are wired." -- North Korean Supreme Commander Kim Jong-il

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki