CHICAGO, Sept. 6 /PRNewswire-FirstCall/ -- Aladdin Knowledge Systems today announced that the Aladdin eSafe Content Security Response Team (CSRT) has uncovered significant new details surrounding the eBay botnet attack it first discovered on Monday.
(Logo: http://www.newscom.com/cgi-bin/prnh/20040416/CGALADDINLOGO)
The attack, which is one of the first of its kind to employ extremely complex, multi-stage attack methods, performs a distributed and covert brute force attack on eBay accounts in an effort to obtain personal information and/or items sold/purchased via the eBay site. Two new details provided by the Aladdin eSafe CSRT were made available this afternoon:
Threat employs phishing - Aladdin researchers identified cases where victims have entered their credentials in phishing sites controlled by the attackers, giving further opportunity for the attackers to quickly gain access to an even larger number of accounts. The phishing operation appears to be ongoing and continues to collect user information. Aladdin researchers have validated cases in which the botnet collected active eBay account details.
Potential UK focus - Aladdin security specialists have identified that a high percentage of the threat's efforts are targeted specifically at UK-based eBay account holders. The Trojan appears to separate its handling of accounts, distinguishing between accounts inside and outside of the United States.
"Through new infection and attack methods, this targeted threat shows that Trojans are continuing to evolve into extremely dynamic, adaptive tools for online criminals, resulting in a potentially damaging aftermath for its individual victims," said Ofer Elzam, director of product management for the Aladdin eSafe Business Unit and head of the Aladdin eSafe CSRT. "This eBay botnet attack is unique, and definitely not found through traditional security measures. Aladdin's innovative security specialists are closely monitoring this new threat and are notifying the Web sites we determine are infecting Web surfers."
eBay Botnet Attack
First discovered by the Aladdin eSafe CSRT, the first-of-its-kind threat uses a sophisticated Trojan that infects visitors of hacked Web sites worldwide. It then uses infected computers to conduct a sophisticated distributed attack on eBay accounts in an effort to steal personal financial information and potentially alter settings that can place sold items in the wrong hands. Aladdin researchers estimate the threat has gone undetected for several days and that hundreds of popular Web sites, regardless of local language or geography, could be affected and are still infecting visitors.
Continued momentum has been logged by the Aladdin eSafe CSRT, citing research gained through Aladdin's eSafe SecureSurfing solution -- a solution deployed by ISPs to block malware before it reaches their customers. The Aladdin CSRT continuously monitors online security events discovered by the SecureSurfing service in search of further details surrounding this complex threat.
About Aladdin eSafe
Aladdin eSafe protects against Web-based malware and zero-day threats through an in-line, wire-speed secure Web gateway featuring powerful anti-spyware, application level controls, and URL filtering. eSafe also controls spam and inspects SMTP and POP3 traffic though a proactive email security gateway. Visit http://www.aladdin.com/eSafe.
About Aladdin
Aladdin Knowledge Systems' Software Rights Management products are the #1 choice of software developers and publishers to protect intellectual property, increase revenues, and reduce losses from software piracy. Aladdin eToken is the world's #1 USB-based authentication solution. The Aladdin eSafe secure Web gateway provides the most advanced protection against the latest Web-based threats and attacks. Aladdin has offices in 12 countries, a worldwide network of channel partners, and has won numerous awards for innovation. For more information, visit the Aladdin Web site at http://www.aladdin.com/.
(C)2007 Aladdin Knowledge Systems, Ltd. All rights reserved. eSafe, Aladdin Knowledge Systems and the Aladdin logo are trademarks or registered trademarks of Aladdin Knowledge Systems, Ltd. All other product and brand names mentioned in this document are trademarks or registered trademarks of their respective owners
Press Contact: Investor Relations Contact:
Matthew Zintel Mark Jones
Zintel Public Relations Global Consulting Group
AP Archive: http://photoarchive.ap.org/
PRN Photo Desk,
