
A massive brute force attack, lasting for more than a week, threatens to compromise eBay's userbase

If the Monster.com compromise last week got you down, wait until the full details of eBay's current battle come to light. It has not been publicly confirmed by eBay representatives, but the company is at war with a zombie network.

According to an interview with security experts on eWEEK, the botnet is hammering away at eBay in an attempt to brute force its way into accounts with financial and personal information. Aladdin Knowledge Systems claims this attack has been underway for at least one week.

 

The zombie infection itself seems to be very complex and designed to be loaded in pieces. Apparently 300 or so infected websites are disseminating the virus to their visitors. The virus then reaches out to the web and pulls down several pieces of information it needs to attack the eBay accounts.


Aladdin Knowledge Systems claims the virus works in 4 or 5 stages to gather everything it needs to launch and participate in the attack. It is currently unknown how many machines are infected and participating in this attack. Aladdin Knowledge Systems first noticed the botnet attack when it was detected by its eSafe SecureSurfing product, which is marketed to ISPs to monitor and filter infected websites.

 

Additional details, including any database compromises, have not been disclosed.



Comments



By tastyratz on 9/6/2007 4:31:06 PM , Rating: 0
Brute force works - period. When you're harvesting passwords you can try the most common passwords first and roll it backwards. Maybe they won't get everyone's accounts but maybe they will get a few hundred/thousand. They just start with common words, words with a few numbers on the ends, words with capitals and a few numbers, etc. Common stuff like money, god, sex, names, months, having a 1 at the end, numbers 1900-2010, etc. are all tried first. You can make a list of 1000 words and just hammer every account with that and you will get a larger amount of passwords than not.

Sucks, but it's true.

And yeah, PayPal security is crap. You're not secure from anything. I've had people rip me off and that $200 protection doesn't do a damn thing unless the person has an account attached to their PayPal with 200 in it. If it's a scammer, who is going to have that? I got a reply saying they couldn't recover the funds, too bad, so sad. Wouldn't that $200 base coverage be something you would consider as a payout from PayPal directly and then THEY seek out funds?
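
A signup or password-change check that rejects the first-guess patterns listed in the comment above. This is an added example, not part of the original article or comment; the function name `guessable_reason` is hypothetical and the word list is a small constructed sample standing in for a full common-password list.

```python
import re

# Constructed sample of base words. The comment names "money", "god", "sex",
# names and months; a real check would load a far larger list (assumption).
COMMON_WORDS = {
    "money", "god", "sex", "password",
    "michael", "jessica",  # sample first names
    "january", "february", "march", "april", "may", "june", "july",
    "august", "september", "october", "november", "december",
}

def _is_year(digits):
    """True for a four-digit number in the 1900-2010 range."""
    return len(digits) == 4 and 1900 <= int(digits) <= 2010

def guessable_reason(password):
    """Return why a password matches a first-guess pattern, or None."""
    # Lowercasing covers the "words with capitals" variant.
    lowered = password.strip().lower()
    if re.fullmatch(r"[0-9]+", lowered):
        # Digits-only passwords outside the year range go beyond the
        # comment's list but are just as cheap to guess.
        return "year 1900-2010" if _is_year(lowered) else "digits only"
    # Alphabetic stem followed by an optional run of trailing digits.
    m = re.fullmatch(r"([a-z]+)([0-9]*)", lowered)
    if m is None or m.group(1) not in COMMON_WORDS:
        return None
    digits = m.group(2)
    if not digits:
        return "common word"
    if digits == "1":
        return "common word with a trailing 1"
    if _is_year(digits):
        return "common word plus a year 1900-2010"
    return "common word plus digits"

if __name__ == "__main__":
    # Constructed candidate passwords for illustration.
    for candidate in ["Money", "god1", "March1987", "1999", "vT9#qLm2x!"]:
        reason = guessable_reason(candidate)
        print(f"{candidate!r}: {'REJECT (' + reason + ')' if reason else 'ok'}")
```

A `None` result only means the password is outside these specific patterns, not that it is strong.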

