eBay: Phishers getting better organised, using Linux

'The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes,' says CISO

When it comes to launching online attacks, criminals are getting more organised and branching out from the Windows operating system, says eBay's security chief.

eBay recently did an in-depth analysis of its threat situation, and while the company is not releasing the results of this analysis, it did uncover a huge number of hacked, botnet computers, said Dave Cullinane, eBay's chief information and security officer, speaking at a Microsoft-sponsored security symposium at Santa Clara University.

Cullinane, who one year ago downplayed the role of organised crime in phishing ("It's not the Sopranos," he said), believes that online attackers are indeed becoming more sophisticated, with malware developers now being funded to develop new and improved attacks.

In the past year, Cullinane has seen better organisation by eBay fraudsters. Criminals are being paid to develop better types of attacks, and the attacks are getting harder to detect, he added. "The phishing emails I see are extremely sophisticated," he said.

Apparently, this growing professionalisation has even cut down on mangled grammar. "The language they're using is very good." Cullinane said.

Last week eBay said data on 1,200 eBay members had probably been stolen via an phishing scam. The members' data was posted to the company's Trust & Safety discussion forum.

Cullinane's experience with phishing goes back to his previous employer, Washington Mutual, which has been one of the top phishing targets in the US.

While there, he noticed an unusual trend when taking down phishing sites.

"The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes," he said.

Rootkit software covers the tracks of the attackers and can be extremely difficult to detect. According to Cullinane, none of the Linux operators whose machines had been compromised were even aware they'd been infected.

Although Linux has long been considered more secure than Windows, many of the programs that run on top of Linux have known security vulnerabilities, and if an attacker were to exploit an unpatched bug on a misconfigured system, he could seize control of the machine.

Because Linux is highly reliable and a great platform for running server software, Linux machines are desired by phishers, who set up fake websites, hoping to lure victims into disclosing their passwords.

"We see a lot of Linux machines used in phishing," said Alfred Huger, vice president for Symantec Security Response. "We see them as part of the command and control networks for botnets, but we rarely see them be the actual bots. Botnets are almost uniformly Windows-based."

Since Linux machines can be used to more easily create specially crafted networking packets, they can be used in highly sophisticated online attacks, said Iftach Amit, director of security research with Finjan's malicious code research centre.

Capabilities like this make Linux machines highly coveted by online attackers, and they fetch a premium in the underground marketplace for compromised machines, Amit said.

Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Linux, rootkit, ebay, botnet, Security ID
Whitepapers
All whitepapers

The big money of Apple v. Samsung

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Sign up now to get free exclusive access to reports, research and invitation only events.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in New Zealand