eBay Web attack hops from other sites

Web-based fraud attack against eBay uses sophisticated method, security vendor says

Yet another sophisticated Web-based attack against eBay and its users is being investigated by a Tel Aviv-based security vendor that discovered a similar attack two months ago involving a custom-made bot designed to steal accounts.

Ofer Elzam, Aladdin Knowledge Systems' director of product management, says his firm has determined in the last few days that at least two Web sites, one called Save Our Planet and another called Nova Radio, appear to have been compromised with malicious code that combines to launch an attack against a site visitor. The goal of the attack is to combine code to break in through the browser to the victim's desktop and install a Trojan to collect eBay user account information, if it's found, and connect to eBay to use that account information to commit fraud.

"There are a chain of sites that work together," says Elzam. "One Web page uses a trick with JavaScript to open a size-zero window, which takes content from a third-party site."

Elzam says Aladdin hasn't yet been able to reach the operators of the Save Our Planet and Nova Radio sites-- and notes that forty more Web sites may be tied to this attack, which is very fluid and changing-- but it has been in touch with eBay.

"The last time we saw this kind of attack, in September, it was from an Israeli labor organization site," says Elzam. He adds that Aladdin has been able to detect the suspicious code mainly because it has a relationship with an Israeli ISP to conduct this type of security monitoring.

The current attack against eBay and its account holders, based on attack code made available through compromised Web sites and triggered by unsuspecting Web visitors, is an epidemic that's becoming a favorite way to conduct cybercrime, Elzam says. "This hopping from site to site makes it very hard to detect," he says.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?