


A massive brute force attack, lasting for more than a week, threatens to compromise eBay's userbase

If the Monster.com compromise last week got you down, wait until the full details of eBay's current battle come to light. It has not been publicly confirmed by eBay representatives, but the company is at war with a zombie network.

According to an interview with security experts on eWEEK, the botnet is hammering away at eBay in an attempt to brute force its way into accounts with financial and personal information. Aladdin Knowledge Systems claims this attack has been underway for at least one week.

 

The zombie infection itself appears to be quite complex and is designed to be loaded in pieces. Apparently 300 or so infected websites are disseminating the virus to their visitors. The virus then reaches out to the web and pulls down the several pieces it needs to attack eBay accounts.


Aladdin Knowledge Systems claims the virus goes through 4 or 5 stages to gather everything it needs to launch and participate in the attack. It is currently unknown how many machines are infected and participating. Aladdin Knowledge Systems first noticed the botnet when it was detected by its eSafe SecureSurfing product, which is marketed to ISPs to monitor and filter infected websites.

 

Additional details, including any database compromises, have not been disclosed.






myspace as well
By GhandiInstinct on 9/5/2007 5:10:55 PM , Rating: 2
You guys ever receive advertisement messages weekly on myspace for porn sites etc. from your friends? And you wonder why, and then you realize it wasn't them.

same compromise on myspace.




RE: myspace as well
By FITCamaro on 9/5/2007 5:16:10 PM , Rating: 5
To me myspace is a plague upon mankind. I won't even click on a link to a friend's myspace account.


RE: myspace as well
By Master Kenobi (blog) on 9/5/2007 6:01:18 PM , Rating: 3
quote:
To me myspace is a plague upon mankind.

I agree. I won't touch anything remotely associated with myspace.


RE: myspace as well
By marsbound2024 on 9/5/2007 6:08:46 PM , Rating: 3
I agree a bit. I used to use Myspace but now it is so BLOATED (like Creative's software packages with Audigy or budget computers and their AOL and etc BS) and disorganized. It's pretty much yuck. Users put WAY too much "bling" on their websites that makes it a pain to browse. I prefer the simplistic and functional style of Facebook.


RE: myspace as well
By Lazarus Dark on 9/5/2007 6:27:18 PM , Rating: 4
I finally caved a couple weeks ago and got a myspace after resisting for so long. I still hate myspace. But it's free and all the bands that I like, that's the only place to get samples of their music and contact them. It serves a purpose I'm afraid. I tried Facebook, but I hate it, mostly cause it's less anonymous.

But the amount of spam on myspace is ridiculous. And last week, one of my friends' accounts was hacked and they sent out links to virus sites to everyone.


RE: myspace as well
By Gul Westfale on 9/6/2007 12:26:19 AM , Rating: 1
quote:
To me myspace is a plague upon mankind.


DOWN WITH EMOS!


RE: myspace as well
By animedude on 9/6/2007 1:23:19 AM , Rating: 2
That is why we have the upstart of o mighty facebook


RE: myspace as well
By AstroCreep on 9/5/2007 6:26:10 PM , Rating: 4
No, it's not the same compromise.
What happens at myspace is the 'friend' in question clicks on some dumb link inside of a bulletin or whatever, then they get a page that asks them to log back into myspace - but they didn't realize that they actually 'logged in' to a phishing site. So the phisher now has their username & password, which they immediately use to post bogus bulletins and comments.
That and/or said 'friend' clicked on some link in a message/bulletin that they shouldn't have, and it runs some sort of script which creates a new posting that looks like it came from your account.

What's going on here with eBay is a botnet full of zombies simply trying to break in to accounts with brute-force 'attacks'. Not quite as elegant, but I guess it's effective.


RE: myspace as well
By Misty Dingos on 9/6/2007 8:04:12 AM , Rating: 2
I wonder what defenses ebay can deploy to combat this attack? No, I am not joking. Perhaps the last resort line of defense would be taking down the servers with customer info on them? But perhaps they could load counter viruses into a server disguised as account info, then use the counter viruses to disable the bot network?

I am not an IT guy so this is just guess work. Anyone got any ideas that might work?


RE: myspace as well
By Master Kenobi (blog) on 9/6/2007 9:57:21 AM , Rating: 2
Short of auto-locking accounts after 3 failed attempts, none. Brute force works if you have the time and power to do it.
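The lockout idea above, worked out as an added example (not from the article or any eBay system): it replays constructed login-attempt log lines, locks an account after three failures inside a window, and separately flags accounts whose failures arrive from many distinct source addresses, which is the signature a zombie network leaves that a single attacker does not. Account names, IPs and thresholds are all made up for illustration.

```python
"""Replay login events; apply per-account lockout and flag distributed brute force."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, account, source IP, result.
SAMPLE_LOG = """\
2007-09-05T17:00:01 alice 10.0.0.5 FAIL
2007-09-05T17:00:02 alice 10.0.1.9 FAIL
2007-09-05T17:00:03 alice 10.0.7.2 FAIL
2007-09-05T17:00:04 alice 10.0.3.3 FAIL
2007-09-05T17:00:05 bob 192.168.1.10 FAIL
2007-09-05T17:00:40 bob 192.168.1.10 OK
2007-09-05T17:00:06 carol 10.0.9.1 FAIL
2007-09-05T17:05:00 carol 10.0.9.1 FAIL
"""

MAX_FAILURES = 3            # lockout threshold (the "3 failed attempts" from the thread)
WINDOW = timedelta(minutes=10)
MIN_DISTINCT_IPS = 3        # failures from this many sources mark a distributed attack


def parse_log(text):
    """Parse 'ts account ip result' lines into (datetime, account, ip, result) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        ts, account, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), account, ip, result))
    return sorted(events)


def analyze(text):
    """Return (locked_accounts, distributed_targets) after replaying the log."""
    failures = defaultdict(list)    # account -> [(time, ip), ...] still inside WINDOW
    locked, distributed = set(), set()
    for ts, account, ip, result in parse_log(text):
        if result == "OK":
            failures[account].clear()   # a successful login resets the counter
            continue
        recent = [(t, i) for t, i in failures[account] if ts - t <= WINDOW]
        recent.append((ts, ip))
        failures[account] = recent
        if len(recent) >= MAX_FAILURES:
            locked.add(account)         # too many failures: lock the account
        if len({i for _, i in recent}) >= MIN_DISTINCT_IPS:
            distributed.add(account)    # failures spread over many sources: botnet pattern
    return locked, distributed


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A hard lockout can itself be turned into a denial of service against legitimate users, so production systems usually pair the per-account counter with per-source rate limits and a second factor rather than relying on lockout alone.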


RE: myspace as well
By AlvinCool on 9/6/2007 2:22:57 PM , Rating: 2
I don't disagree that brute force will work if given enough time. But there are certain password constraints we all know about that make it unfeasible. Using a random generator makes it almost impossible for a brute force attack to work unless the person attacking has years to do it. Simply using a combination of caps and letters with two separate words and a 3 digit number between them would stop brute force in its tracks. It's my understanding that brute force relies on guessing words. It would first have to exhaust all known words, known word combinations, known word combinations with caps totally, known word combinations with random caps, THEN move to x amount of numbers in between all the above combinations. It just won't be successful against strong passwords in any moderate amount of time. Let's face it, most people are just stupid about passwords. Me, I got an Ironkey and use all random generated passwords for anything concerning finance. I hope they wear out two or three PCs trying to get into my accounts.


RE: myspace as well
By Misty Dingos on 9/6/2007 3:57:13 PM , Rating: 2
Then perhaps the way to make a brute force attack work would be to accept that you don't know the password and don't care. Just use a program that attacks the code with every possible combination made possible by a standard keyboard. Keep it within the normal parameters of a password. Break that attack up within bot lines. Have your bots report back all failures and successes to another bot that emails you the results. Keep working the most successful avenues of attack and re-attack for bots that were disabled. If you can infect enough PCs to ease the work load on any one bot then you have a way around Ebay's security. Gather a few hundred thousand accounts and sell a few here and there to bad people and retire to somewhere cheap that doesn't support extradition to your home country.


RE: myspace as well
By Spivonious on 9/6/2007 4:14:22 PM , Rating: 2
Even then it's still possible to "guess" the random password. It's all number crunching.

Try all one letter combinations, then all two letter combinations, then all three letter combinations, etc.

I would think this would be much more efficient than trying to guess full words.


RE: myspace as well
By AlvinCool on 9/6/2007 4:37:57 PM , Rating: 2
So how long do you think that would take for a 12 digit password? Just using numbers and lower case/caps, that's 61 possible combinations per slot and 12 slots. With just 6 slots and about the same number of combinations, for the lottery, that's a 1 in 170 million chance of hitting. I'm not fantastic with math but wouldn't that put it in like 1 in a trillion or more for 12 slots? Anyone good at math want to figure that? And it doesn't report back hits or misses on individual characters. It's all or nothing. I, personally, think you guys are way too confident on a brute force attack if the proper password patterns are employed.


RE: myspace as well
By Master Kenobi (blog) on 9/7/2007 8:49:24 AM , Rating: 2
I bet they started each account attack with "password" and I bet they got in on quite a few.


RE: myspace as well
By AlvinCool on 9/7/2007 9:39:03 AM , Rating: 2
I totally agree. If it were me I'd attack with all common passwords then attack again with numbers from 0 - 9 at the end. I would think you could rack up on accounts that way in a short period of time.


This is what (probably) gave me my headache!
By marsbound2024 on 9/5/2007 5:03:53 PM , Rating: 2
Recently my account was hacked into and used for distributing crap messages to other users... They also got into my Paypal and tried to put up crap listings. Anyways, ended up deleting my Paypal account (didn't use it anyways) and putting a hold on my eBay account.




By marsbound2024 on 9/5/2007 5:09:02 PM , Rating: 2
Another reason why I say this is because I was on the phone with a Paypal rep when I was trying to delete my account... she told me to click on something to access my account information and the thing never responded... the only thing I could see was that my Paypal balance was $0.00 (yay)... other parts of my account were inaccessible. I could never click on anything. Lo and behold, my computer eventually RESTARTED on its own after about ten or fifteen seconds of trying to access my account to delete it (and I have never had occurrences such as this). It was certainly fishy so I shut down my account over the phone.


By Oregonian2 on 9/5/2007 6:47:05 PM , Rating: 2
Your browser brought your machine to a reboot?

Amazing!


By marsbound2024 on 9/6/2007 2:45:34 PM , Rating: 2
No, not likely (was using Firefox as well). My machine is decent enough (Athlon 64 3800+ single core--I have Socket 939--1024MB RAM, XP SP2 with all the updates, 7600GT, 3.0GBps 250GB HDD, Avast, Comodo Firewall, Adaware and other software with all the updates)... sure not the best, but since I keep my computer maintained, it usually does not pose any problems. I am thinking that a hacker/virus had perhaps made my computer restart or it was otherwise a very unfortunate coincidence.

PS: Yes I know my specs aren't that great really considering, but it is not miserable enough to be so sad that indeed my browser itself would have brought my machine to a reboot.


RE: This is what (probably) gave me my headache!
By xsilver on 9/5/2007 8:05:53 PM , Rating: 2
I wonder if your account gets hacked and $500 is stolen from your paypal account, per se.
Would ebay be kind enough to get it back for you?

Or will they be as useful as their "buyer protection" system?


RE: This is what (probably) gave me my headache!
By cgrecu77 on 9/5/2007 8:34:03 PM , Rating: 2
Their buyer protection program is actually quite useful ... it's unfair to the owners in that there's very little inquiry before they get charged back - almost no questions asked.


RE: This is what (probably) gave me my headache!
By leexgx on 9/5/2007 9:47:41 PM , Rating: 2
I just make sure I use an account that I move my money out of as soon as it pops in (let my bank deal with ebay's no-question refunds when it's normally the buyer's fault for not resolving it).

I refund it (excluding P&P costs) if it has got a problem, after I receive the item back and it is in the same order it was sent out in (take pics of the item before you send it off, with time stamps on them).


RE: This is what (probably) gave me my headache!
By geeg on 9/6/2007 12:29:36 AM , Rating: 3
I have been using ebay/paypal since 1998 for my business.
ebay or paypal does not protect anything. All of their "protection" covers such conditions where a protection would not be needed in the first place. In the other situations, they do not protect the seller.
ebay/paypal charge A LOT. In return they do not offer much protection. And if you think about the service, it is a web service anyways. Charging 5% for that??
There is a reason why the owner of ebay is one of the top billionaires.
If there was an alternative like eGoogle I would switch right away.


By Misty Dingos on 9/6/2007 7:58:37 AM , Rating: 3
And what makes you think that eGoogle would be any cheaper or kinder to sellers? At last check it seemed to me that given the chance google would take over the world if it could.


Error
By pauldovi on 9/5/2007 10:56:08 PM , Rating: 2
Apparently 300 or so infected websites are disseminating the virus to visitors that use those websties .




RE: Error
By FoxFour on 9/6/2007 12:54:54 AM , Rating: 3
I submit that perhaps this was just a clever play on (misspelled) words.

Pigsties... filthy, disgusting, dangerous to your health...

"Websties" that disseminate virus code to viewers...

I think it's a perfect fit.


Alternate Authentication for Paypal users
By NARC4457 on 9/6/2007 1:12:23 PM , Rating: 2
Paypal has an option for you to buy a rolling code authentication key fob for $5.00. As you log in, you must provide the code as well.

This should prevent any password harvesting virus from having access to your paypal account.

I wish I could have this for all my financial accounts...




Any updates?
By Spacecomber on 9/12/2007 4:01:50 PM , Rating: 2
This seems like a fairly significant story, but I've not heard anything more about it, here or elsewhere. (Not that I've really been looking.)




Copyright 2014 DailyTech LLC.