The Aladdin eSafe Content Security Response Team (CSRT) has uncovered new details surrounding the eBay botnet attack first discovered on Monday. Researchers have found that the attack is primarily targeted at UK users of eBay and that the attackers are employing phishing tactics to complement their assault. According to the CSRT, the botnet attack is the first of its kind, using a sophisticated Trojan that infects visitors of hacked Web sites worldwide; utilizing the collective processing powers of these computers, the program then conducts a sophisticated distributed attack on eBay accounts in an effort to steal personal financial information and potentially alter settings that can place sold items in the wrong hands. Aladdin researchers estimate the threat has gone undetected for several days and that hundreds of popular Web sites, regardless of local language or geography, could be affected and are still infecting visitors.
"Through new infection and attack methods, this targeted threat shows that Trojans are continuing to evolve into extremely dynamic, adaptive tools for online criminals, resulting in a potentially damaging aftermath for its individual victims," said Ofer Elzam, director of product management for the Aladdin eSafe Business Unit and head of the Aladdin eSafe CSRT. "This eBay botnet attack is unique, and definitely not found through traditional security measures. Aladdin's innovative security specialists are closely monitoring this new threat and are notifying the Web sites we determine are infecting Web surfers."