Saturday 8 September 2007

safe is not that safe?

I'm not sure if you guys have heard of this, but eBay, a popular online bidding website, is being attacked by hackers, and not just by one of them but by an entire botnet.

And it's not just any attack. It's a pretty sophisticated one with many changing techniques, which makes it hard to defend against. Aladdin, an internet security company based in Israel, first discovered the attack, which has been going on for a few weeks and yet went unnoticed. It is not just any phishing attack; it is a multi-stage attack with brute force on eBay accounts. The attack seems to be targeting eBay UK, while other regions may well be targeted too.

With eBay holding millions of credit card details and other personal and financial data, let's hope that none of it gets leaked.

Threat employs phishing - Aladdin researchers identified cases where victims have entered their credentials in phishing sites controlled by the attackers, giving further opportunity for the attackers to quickly gain access to an even larger number of accounts. The phishing operation appears to be ongoing and continues to collect user information. Aladdin researchers have validated cases in which the botnet collected active eBay account details.

Potential UK focus - Aladdin security specialists have identified that a high percentage of the threat's efforts are targeted specifically at UK-based eBay account holders. The Trojan appears to separate its handling of accounts, distinguishing between accounts inside and outside of the United States.

"Through new infection and attack methods, this targeted threat shows that Trojans are continuing to evolve into extremely dynamic, adaptive tools for online criminals, resulting in a potentially damaging aftermath for its individual victims," said Ofer Elzam, director of product management for the Aladdin eSafe Business Unit and head of the Aladdin eSafe CSRT. "This eBay botnet attack is unique, and definitely not found through traditional security measures. Aladdin's innovative security specialists are closely monitoring this new threat and are notifying the Web sites we determine are infecting Web surfers."

eBay Botnet Attack

First discovered by the Aladdin eSafe CSRT, the first-of-its-kind threat uses a sophisticated Trojan that infects visitors of hacked Web sites worldwide. It then uses infected computers to conduct a sophisticated distributed attack on eBay accounts in an effort to steal personal financial information and potentially alter settings that can place sold items in the wrong hands. Aladdin researchers estimate the threat has gone undetected for several days and that hundreds of popular Web sites, regardless of local language or geography, could be affected and are still infecting visitors.

Continued momentum has been logged by the Aladdin eSafe CSRT, citing research gained through Aladdin's eSafe SecureSurfing solution -- a solution deployed by ISPs to block malware before it reaches their customers. The Aladdin CSRT continuously monitors online security events discovered by the SecureSurfing service in search of further details surrounding this complex threat.




So the best thing is not to buy anything from eBay for now, until they resolve the matter. I do have an eBay account and I have bought stuff over the past few months. Just hold back your eBay bidding cravings, or get your money 'poof!' eaten by them.

Further reading
http://money.cnn.com/news/newsfeeds/articles/prnewswire/AQTH16406092007-1.htm
http://www.eweek.com/article2/0,1759,2178975,00.asp
