A new Trojan horse has generated a network of zombie computers that is attempting to break into eBay accounts. As eWeek reports, the network—or botnet—is running a distributed brute force attack in order to steal financial information from unwitting eBay users. Aladdin Knowledge Systems, an Israeli security firm, told eWeek the attack has been going on for "at least a week."
Aladdin claims the Trojan that ropes infected systems into the botnet is being disseminated by "up to 300" popular websites that have been hacked. In Israel, for instance, a popular price comparison site and the site of the country's biggest labor union have both been infected.
"It uses so many techniques," [Aladdin eSafe Business Unit Director of Product Management Ofer Elzam] said. It starts by inserting an invisible frame that opens a page that's also obscured from the victim, he said. That page then runs some Ajax and XML script that starts to troll sites, one after another, looking for known vulnerabilities. It downloads some code elements that in turn download other code elements. After four or five stages, it then launches, connects to another server and downloads user name/password name combinations that it uses to attempt to gain access to valid eBay accounts.
"It's very sophisticated and [ever-changing] and can switch sides and move on and infect other sites again with similar attacks," Elzam said.
More worrying yet, eWeek says eBay has yet to respond to Aladdin Knowledge Systems regarding the attack.
|Acer's Predator Z35P is on the hunt for a high-end gaming rig||9|
|Fractal Design finds a new Focus on entry-level cases||6|
|Intel plans to integrate Thunderbolt into future CPUs||18|
|Cooler Master polishes the Cosmos II for a 25th Anniversary edition||9|
|Huawei opens up three new Windows 10 notebooks||10|
|Corsair Commander Pro takes charge of case fans and lighting||7|
|National Taffy Day Shortbread||11|
|LG's X Venture has a beefy battery and a heavy-duty build||18|
|Agon AG251FG can do 2560x1440 or 240Hz||22|