Sunday, August 06, 2006

Botnets used to Scam eBay Users

With all the talk about the DefCon (Black Hat) conference in Vegas, this story seems to have fallen by the wayside.

Botnets are used by organized criminals - who employ hackers (the malicious sort) - to commit crime on the Internet. Now they are being used on eBay to create phony customer feedback scores and commit auction fraud.

Botnets consist of computer systems that have been taken over after malware is downloaded. The systems are then turned into "zombies" and can be controlled remotely. The "zombie computers" are then used by their owners to commit all kinds of mischief (the illegal type).

Gregg Keizer, TechWeb Technology News, reports:

"Scammers are using bots to create bogus eBay accounts that boast trustworthy profiles in a new scheme to rip off buyers, a security company said Monday."

"The scam, said Sunnyvale, Calif.-based Fortinet, is a new twist on an old con where criminals set up bogus auctions, rake in the proceeds, and then scram, never intending to ship anything to buyers."

Long-time eBay users, however, have gotten wise to such double-crosses, and have learned to avoid auctions where the seller has little or no transaction record and/or little or no buyer feedback.

The new dodge, however, makes that defense useless.

According to Fortinet, the racket uses a bot to create a large number of fake accounts, then applies a spider to scavenge eBay for 1-cent "Buy Now" items, then purchase them.


Once they get a "good rating" going, the scam begins.

Link to the full story by TechWeb, here.

Of course, phishing takes a toll on eBay users, also. Normally, the intent here is to take over an account with a good rating and then disappear.

Interestingly enough, PIRT, run by CastleCops and Sunbelt Software, just released the Top Phished Brands - which confirms that eBay and its sister organization PayPal are phished more than any other brands.

Technology continues to be leveraged by criminals to commit crime on auction sites. In this instance, the recommendation is to read the feedback of the seller "carefully" and beware of anyone with too many 1-cent auctions.
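To make the "too many 1-cent auctions" check concrete, here is an added example (not from the original post, TechWeb, or Fortinet) that discounts feedback earned on penny purchases. The record format, the function names, and the 50% cut-off are assumptions made for illustration, and the sample histories are constructed.

```python
from dataclasses import dataclass
from decimal import Decimal

PENNY = Decimal("0.01")  # the 1-cent "Buy Now" price point named in the report


@dataclass(frozen=True)
class Feedback:
    """One feedback entry in a hypothetical export format (not an eBay API)."""
    role: str       # role the account played in the transaction: "buyer" or "seller"
    price: Decimal  # final item price in dollars
    rating: int     # +1 positive, 0 neutral, -1 negative


def summarize(entries):
    """Split a feedback history into the raw score and the part earned on penny purchases."""
    raw = sum(e.rating for e in entries)
    penny = sum(e.rating for e in entries
                if e.role == "buyer" and e.price <= PENNY and e.rating > 0)
    sold = sum(1 for e in entries if e.role == "seller" and e.rating > 0)
    return {
        "raw_score": raw,
        "penny_positives": penny,
        "adjusted_score": raw - penny,  # score with penny purchases discounted
        "seller_positives": sold,       # positives earned by actually selling
        "penny_share": penny / raw if raw > 0 else 0.0,
    }


def looks_padded(entries, max_penny_share=0.5):
    """Flag a profile whose positive score comes mostly from 1-cent purchases.

    max_penny_share is an assumed cut-off chosen for illustration.
    """
    return summarize(entries)["penny_share"] > max_penny_share


# Constructed sample histories (not real accounts).
padded = [Feedback("buyer", PENNY, 1)] * 38 + [Feedback("buyer", Decimal("12.50"), 1)] * 2
established = ([Feedback("seller", Decimal("45.00"), 1)] * 30
               + [Feedback("buyer", PENNY, 1)] * 3
               + [Feedback("seller", Decimal("20.00"), -1)])

if __name__ == "__main__":
    for name, history in (("padded", padded), ("established", established)):
        print(name, summarize(history), "flag:", looks_padded(history))
```

Both constructed profiles show a similar headline score, but only the adjusted score and the count of positives earned as a seller separate them.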

It also pays to ensure the protection for your system is up-to-date and avoid clicking on any links that you aren't certain of.

Here is a good post about how to avoid fraud on auction sites:

How to Protect Yourself on eBay

To avoid phishing scams - which often lead to malware downloads - the APWG (Anti Phishing Working Group) has a good link, here.
