Ebay phishers get organized

When it comes to launching online attacks, criminals are getting more organized and branching out from the Windows operating system, eBay Inc.‘s security chief said Tuesday.

eBay recently did an in-depth analysis of its threat situation, and while the company is not releasing the results of this analysis, it did uncover a huge number of hacked, botnet computers, said Dave Cullinane, eBay’s chief information and security officer, speaking at a Microsoft-sponsored security symposium at Santa Clara University.

Cullinane, who one year ago downplayed the role of organized crime in phishing (“It’s not the Sopranos,” he said), believes that online attackers are indeed becoming more sophisticated, with malware developers now being funded to develop new and improved attacks.

In the past year, Cullinane has seen better organization by eBay fraudsters. Criminals are being paid to develop better types of attacks, and the attacks are getting harder to detect, he added. “The phishing e-mails I see are extremely sophisticated,” he said.

Apparently, this growing professionalization has even cut down on mangled grammar. “The language they’re using is very good.” Cullinane said.

Last week eBay said data on 1,200 eBay members had probably been stolen via an phishing scam. The members’ data was posted to the company’s Trust & Safety discussion forum.

Cullinane’s experience with phishing goes back to his previous employer, Washington Mutual Inc., which has been one of the top phishing targets in the U.S.

While there, he noticed an unusual trend when taking down phishing sites.

“The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes,” he said.

Rootkit software covers the tracks of the attackers and can be extremely difficult to detect. According to Cullinane, none of the Linux operators whose machines had been compromised were even aware they’d been infected.

Although Linux has long been considered more secure than Windows, many of the programs that run on top of Linux have known security vulnerabilities, and if an attacker were to exploit an unpatched bug on a misconfigured system, he could seize control of the machine.

Because Linux is highly reliable and a great platform for running server software, Linux machines are desired by phishers, who set up fake Web sites, hoping to lure victims into disclosing their passwords.

“We see a lot of Linux machines used in phishing,” said Alfred Huger, vice president for Symantec Security Response. “We see them as part of the command and control networks for botnets, but we rarely see them be the actual bots. Botnets are almost uniformly Windows-based.”

Since Linux machines can be used to more easily create specially crafted networking packets, they can be used in highly sophisticated online attacks, said Iftach Amit, director of security research with Finjan Inc.‘s malicious code research centre.

Capabilities like this make Linux machines highly coveted by online attackers, and they fetch a premium in the underground marketplace for compromised machines, Amit said.

Comment: [email protected]

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs