Bot network aims to crack eBay accounts
In the US media, Israeli security firm Aladdin has reported the discovery of a new bot network that is using brute-force attacks to break into eBay accounts and obtain money. The security experts discovered the bot network on Monday, though it is assumed that the network has been in operation for more than a week.
The still unnamed trojan on which the bot network is based is reportedly distributed via hacked websites that have had IFrames injected into them. The attackers then attempt to exploit old security holes in Internet Explorer via malicous content delivered by these IFrames to install the trojan on the victim's computer. This means of propagation is similar to the one used by the MPack web attack tool. Aladdin states that infected computers – the drones in the bot network – receive an eBay access name and a list of passwords from the operator of the bot network. The trojan then tries to log into the account by using an application programming interface (API) provided by eBay.
The security experts at Aladdin say that they have discovered more than 300 infected websites that spread the trojan. Unconfirmed reports claim that eBay accounts have already been cracked and misused: One Texan's account has allegedly been manipulated, the identity of an Englishman being inserted to replace the original data. The attacker then attempted to buy items using the account. Furthermore, the user's PayPal account was reportedly manipulated, possibly to pay for the items ordered.
Users can protect themselves from being infected with the contaminant by installing all of the patches available for their operating system and any software used. In addition, it is advisable to use an antivirus solution with current signatures. For more information on how to protect yourself from contaminants, see the antivirus websites at heise Security.