[ISN] eBay: Phishers getting better organised, using Linux

From: InfoSec News (alerts@private)
Date: Mon Oct 08 2007 - 01:05:56 PDT


http://computerworld.co.nz/news.nsf/scrt/CD0B9D97EE6FE411CC25736A000E4723

By Robert McMillan 
San Francisco
4 October, 2007

When it comes to launching online attacks, criminals are getting more 
organised and branching out from the Windows operating system, says 
eBay's security chief.

eBay recently did an in-depth analysis of its threat situation, and 
while the company is not releasing the results of this analysis, it did 
uncover a huge number of hacked, botnet computers, said Dave Cullinane, 
eBay's chief information and security officer, speaking at a 
Microsoft-sponsored security symposium at Santa Clara University.

Cullinane, who one year ago downplayed the role of organised crime in 
phishing ("It's not the Sopranos," he said), believes that online 
attackers are indeed becoming more sophisticated, with malware 
developers now being funded to develop new and improved attacks.

In the past year, Cullinane has seen better organisation by eBay 
fraudsters. Criminals are being paid to develop better types of attacks, 
and the attacks are getting harder to detect, he added. "The phishing 
emails I see are extremely sophisticated," he said.

Apparently, this growing professionalisation has even cut down on 
mangled grammar. "The language they're using is very good." Cullinane 
said.

Last week eBay said data on 1,200 eBay members had probably been stolen 
via an phishing scam. The members' data was posted to the company's 
Trust & Safety discussion forum.

Cullinane's experience with phishing goes back to his previous employer, 
Washington Mutual, which has been one of the top phishing targets in the 
US.

While there, he noticed an unusual trend when taking down phishing 
sites.

"The vast majority of the threats we saw were rootkitted Linux boxes, 
which was rather startling. We expected Microsoft boxes," he said.

Rootkit software covers the tracks of the attackers and can be extremely 
difficult to detect. According to Cullinane, none of the Linux operators 
whose machines had been compromised were even aware they'd been 
infected.

Although Linux has long been considered more secure than Windows, many 
of the programs that run on top of Linux have known security 
vulnerabilities, and if an attacker were to exploit an unpatched bug on 
a misconfigured system, he could seize control of the machine.

Because Linux is highly reliable and a great platform for running server 
software, Linux machines are desired by phishers, who set up fake 
websites, hoping to lure victims into disclosing their passwords.

"We see a lot of Linux machines used in phishing," said Alfred Huger, 
vice president for Symantec Security Response. "We see them as part of 
the command and control networks for botnets, but we rarely see them be 
the actual bots. Botnets are almost uniformly Windows-based."

Since Linux machines can be used to more easily create specially crafted 
networking packets, they can be used in highly sophisticated online 
attacks, said Iftach Amit, director of security research with Finjan's 
malicious code research centre.

Capabilities like this make Linux machines highly coveted by online 
attackers, and they fetch a premium in the underground marketplace for 
compromised machines, Amit said.


__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com



This archive was generated by hypermail 2.1.3 : Mon Oct 08 2007 - 01:30:52 PDT