eBay goes hacker hunting in Romania

Fraud rising at internet speed

Vladuz by any other name

In the past, eBay representatives have also said the hijacking of trusted accounts is the result of users falling for plain-vanilla phishing scams, and not the result of Vladuz or security vulnerabilities in eBay's system.

Indeed, we were unable to find evidence to suggest Vladuz is responsible for such take-overs or the increased volatility in listings. What is known is that a person by that name has taken a keen interest in eBay and has defrauded at least one eBay user.

Vladuz claims to be the author of a Firefox extension that he says automatically enters captcha image verification codes when making certain eBay transactions. The browser add-on appears to be harmless, according to Joe Stewart, a senior researcher and cyber gumshoe at SecureWorks, who tracks the comings and goings of online crooks. But it did require users to submit an email address and username to the Romanian site tokens.b0x.ro. (Stewart was responsible for some of the research for this article.)

That domain has been disabled, but the IP address of the server that hosted it later pointed to the domain name, denisforall.com, which was registered to, and unknowingly paid for by, Washington-state resident Eliza Alby using her debit card. Alby says she found two other unauthorized charges, one for the domain lorealparis333.com and the other for an audio plugin download from SRS Labs.

"I should look at my other transactions," Alby said after learning of the fraud.

Denisforall.com once advertised the Firefox plugin as well and included the business name SGI, according to this Google cache. On a separate page, miketysonthebest.com, another site connected to Vladuz, SGI is said to stand for Solutions for Generating Income, according to this cache image.

Vladuz has left other random tracks online. On banitarfearme.com and colourfish.com, for instance, the hacker published what appear to be password extractors that test whether phished account credentials are valid. In early November, a user named Vladuz even posted a comment in an eBay developer forum decrying a change designed to crack down on fraud.

Vladuz may have no compunction about trespassing on and stealing the property of others, but he's very protective of his own. On many of the sites where he publishes, he even goes through the trouble of copyrighting his code. ®
