A new Trojan horse has generated a network of zombie computers that is attempting to break into eBay accounts. As eWeek reports, the network—or botnet—is running a distributed brute force attack in order to steal financial information from unwitting eBay users. Aladdin Knowledge Systems, an Israeli security firm, told eWeek the attack has been going on for "at least a week."
Aladdin claims the Trojan that ropes infected systems into the botnet is being disseminated by "up to 300" popular websites that have been hacked. In Israel, for instance, a popular price comparison site and the site of the country's biggest labor union have both been infected.
"It uses so many techniques," [Aladdin eSafe Business Unit Director of Product Management Ofer Elzam] said. It starts by inserting an invisible frame that opens a page that's also obscured from the victim, he said. That page then runs some Ajax and XML script that starts to troll sites, one after another, looking for known vulnerabilities. It downloads some code elements that in turn download other code elements. After four or five stages, it then launches, connects to another server and downloads user name/password name combinations that it uses to attempt to gain access to valid eBay accounts.
"It's very sophisticated and [ever-changing] and can switch sides and move on and infect other sites again with similar attacks," Elzam said.
More worrying yet, eWeek says eBay has yet to respond to Aladdin Knowledge Systems regarding the attack.