By Robert McMillan
4 October, 2007
When it comes to launching online attacks, criminals are getting more
organised and branching out from the Windows operating system, says
eBay's security chief.
eBay recently did an in-depth analysis of its threat situation, and
while the company is not releasing the results of this analysis, it did
uncover a huge number of hacked, botnet computers, said Dave Cullinane,
eBay's chief information and security officer, speaking at a
Microsoft-sponsored security symposium at Santa Clara University.
Cullinane, who one year ago downplayed the role of organised crime in
phishing ("It's not the Sopranos," he said), believes that online
attackers are indeed becoming more sophisticated, with malware
developers now being funded to develop new and improved attacks.
In the past year, Cullinane has seen better organisation by eBay
fraudsters. Criminals are being paid to develop better types of attacks,
and the attacks are getting harder to detect, he added. "The phishing
emails I see are extremely sophisticated," he said.
Apparently, this growing professionalisation has even cut down on
mangled grammar. "The language they're using is very good." Cullinane
Last week eBay said data on 1,200 eBay members had probably been stolen
via a phishing scam. The members' data was posted to the company's
Trust & Safety discussion forum.
Cullinane's experience with phishing goes back to his previous employer,
Washington Mutual, which has been one of the top phishing targets in the
While there, he noticed an unusual trend when taking down phishing
"The vast majority of the threats we saw were rootkitted Linux boxes,
which was rather startling. We expected Microsoft boxes," he said.
Rootkit software covers the tracks of the attackers and can be extremely
difficult to detect. According to Cullinane, none of the Linux operators
whose machines had been compromised were even aware they'd been
Although Linux has long been considered more secure than Windows, many
of the programs that run on top of Linux have known security
vulnerabilities, and if an attacker were to exploit an unpatched bug on
a misconfigured system, he could seize control of the machine.
Because Linux is highly reliable and a great platform for running server
software, Linux machines are desired by phishers, who set up fake
websites, hoping to lure victims into disclosing their passwords.
"We see a lot of Linux machines used in phishing," said Alfred Huger,
vice president for Symantec Security Response. "We see them as part of
the command and control networks for botnets, but we rarely see them be
the actual bots. Botnets are almost uniformly Windows-based."
Since Linux machines can be used to more easily create specially crafted
networking packets, they can be used in highly sophisticated online
attacks, said Iftach Amit, director of security research with Finjan's
malicious code research centre.
Capabilities like this make Linux machines highly coveted by online
attackers, and they fetch a premium in the underground marketplace for
compromised machines, Amit said.