Botnet Targets Ebay Accounts
Botnets are moving beyond plain old spam and phishing attacks to launch brute force attacks on popular sites. InBotnet Attack Sinks Its Fangs into eBay Accounts, eWeek reports on a new distributed attack that is more sophisticated than we've seen before.
It uses so many techniques," he said. It starts by inserting an invisible frame that opens a page that's also obscured from the victim, he said. That page then runs some Ajax and XML script that starts to troll sites, one after another, looking for known vulnerabilities. It downloads some code elements that in turn download other code elements. After four or five stages, it then launches, connects to another server and downloads user name/password name combinations that it uses to attempt to gain access to valid eBay accounts.
Brute force attacks like this only make sense if you have a lot of computing power behind it. This fits with a post yesterday about the largest botnets now surpassing the fastest supercomputer, at least by some estimates. This is another example of a quantitative difference in the size of botnets leading to a qualitative change in the kinds of attacks that can be launched.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
