eBay Web attack hops from other sites

Web-based fraud attack against eBay uses sophisticated method, security vendor says

Yet another sophisticated Web-based attack against eBay and its users is being investigated by a Tel Aviv-based security vendor that discovered a similar attack two months ago involving a custom-made bot designed to steal accounts.

Ofer Elzam, Aladdin Knowledge Systems' director of product management, says his firm has determined in the last few days that at least two Web sites, one called Save Our Planet and another called Nova Radio, appear to have been compromised with malicious code that combines to launch an attack against a site visitor. The goal of the attack is to combine code to break in through the browser to the victim's desktop and install a Trojan to collect eBay user account information, if it's found, and connect to eBay to use that account information to commit fraud.

"There are a chain of sites that work together," says Elzam. "One Web page uses a trick with JavaScript to open a size-zero window, which takes content from a third-party site."

Elzam says Aladdin hasn't yet been able to reach the operators of the Save Our Planet and Nova Radio sites-- and notes that forty more Web sites may be tied to this attack, which is very fluid and changing-- but it has been in touch with eBay.

"The last time we saw this kind of attack, in September, it was from an Israeli labor organization site," says Elzam. He adds that Aladdin has been able to detect the suspicious code mainly because it has a relationship with an Israeli ISP to conduct this type of security monitoring.

The current attack against eBay and its account holders, based on attack code made available through compromised Web sites and triggered by unsuspecting Web visitors, is an epidemic that's becoming a favorite way to conduct cybercrime, Elzam says. "This hopping from site to site makes it very hard to detect," he says.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World
Show Comments





Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?