Related topics
  • ,
  • ,
  • ,

eBay goes hacker hunting in Romania

Fraud rising at internet speed

Vladuz by any other name

In the past, eBay representatives have also said the hijacking of trusted accounts are the result of users falling for plain-vanilla phishing scams, and not the result of Vladuz or security vulnerabilities in eBay's system.

Indeed, we were unable to find evidence to suggest Vladuz is responsible for such take-overs or the increased volatility in listings. What is known is that a person by that name has taken a keen interest in eBay and has defrauded at least one eBay user.

Vladuz claims to be the author of a Firefox extension that he says automatically enters captcha image verification codes when making certain eBay transactions. The browser add-on appears to be harmless, according to Joe Stewart, a senior researcher and cyber gumshoe at SecureWorks, who tracks the comings and goings of online crooks. But it did require users to submit an email address and username to the Romanian site tokens.b0x.ro. (Stewart was responsible for some of the research for this article.)

That domain has been disabled, but the IP address of the server that hosted it later pointed to the domain name, denisforall.com, which was registered to, and unknowingly paid for by, Washington-state resident Eliza Alby using her debit card. Alby says she found two other unauthorized charges, one for the domain lorealparis333.com and the other for an audio plugin download from SRS Labs.

"I should look at my other transactions," Alby said after learning of the fraud.

Denisforall.com once advertised the Firefox plugin as well and included the business name SGI, according to this Google cache. On a separate page, miketysonthebest.com, another site connected to Vladuz, SGI is said to stand for Solutions for Generating Income, according to this cache image.

Vladuz has left other random tracks online. On banitarfearme.com and colourfish.com, for instance, the hacker published what appear to be password extractors that test whether phished account credentials are valid. In early November, a user named Vladuz even posted a comment in an eBay developer forum decrying a change designed to crack down on fraud.

Vladuz may have no compunction about trespassing on and stealing the property of others, but he's very protective of his own. On many of the sites where he publishes, he even goes through the trouble of copyrighting his code. ®

Sponsored: 10 ways wire data helps conquer IT complexity