A new Trojan horse has generated a network of zombie computers that is attempting to break into eBay accounts. As eWeek reports, the network—or botnet—is running a distributed brute force attack in order to steal financial information from unwitting eBay users. Aladdin Knowledge Systems, an Israeli security firm, told eWeek the attack has been going on for "at least a week."
Aladdin claims the Trojan that ropes infected systems into the botnet is being disseminated by "up to 300" popular websites that have been hacked. In Israel, for instance, a popular price comparison site and the site of the country's biggest labor union have both been infected.
"It uses so many techniques," [Aladdin eSafe Business Unit Director of Product Management Ofer Elzam] said. It starts by inserting an invisible frame that opens a page that's also obscured from the victim, he said. That page then runs some Ajax and XML script that starts to troll sites, one after another, looking for known vulnerabilities. It downloads some code elements that in turn download other code elements. After four or five stages, it then launches, connects to another server and downloads user name/password name combinations that it uses to attempt to gain access to valid eBay accounts.
"It's very sophisticated and [ever-changing] and can switch sides and move on and infect other sites again with similar attacks," Elzam said.
More worrying yet, eWeek says eBay has yet to respond to Aladdin Knowledge Systems regarding the attack.
|Aerocool's Project 7 P7-C1 Pro case reviewed||6|
|Google Project Tango is dead—long live ARCore||9|
|Thermaltake Sync box bridges RGB LED walled gardens||3|
|Intel tips off potential 960 GB and 1.5 TB Optane SSD 900Ps||8|
|Sapphire Nitro+ Radeon RX Vegas put a big chill on spicy-hot chips||22|
|Antec P110 Silent touts quiet looks and quiet operation||11|
|Updated LG Gram laptops put heavy-duty power into feathery bodies||19|
|Monkey Day Shortbread||14|
|Thursday deals: a nice Z370 mobo, a huge VA display, and more||6|