Feeds

eBay goes hacker hunting in Romania

Fraud rising at internet speed

Build a business case: developing custom apps

Vladuz by any other name

In the past, eBay representatives have also said the hijacking of trusted accounts are the result of users falling for plain-vanilla phishing scams, and not the result of Vladuz or security vulnerabilities in eBay's system.

Indeed, we were unable to find evidence to suggest Vladuz is responsible for such take-overs or the increased volatility in listings. What is known is that a person by that name has taken a keen interest in eBay and has defrauded at least one eBay user.

Vladuz claims to be the author of a Firefox extension that he says automatically enters captcha image verification codes when making certain eBay transactions. The browser add-on appears to be harmless, according to Joe Stewart, a senior researcher and cyber gumshoe at SecureWorks, who tracks the comings and goings of online crooks. But it did require users to submit an email address and username to the Romanian site tokens.b0x.ro. (Stewart was responsible for some of the research for this article.)

That domain has been disabled, but the IP address of the server that hosted it later pointed to the domain name, denisforall.com, which was registered to, and unknowingly paid for by, Washington-state resident Eliza Alby using her debit card. Alby says she found two other unauthorized charges, one for the domain lorealparis333.com and the other for an audio plugin download from SRS Labs.

"I should look at my other transactions," Alby said after learning of the fraud.

Denisforall.com once advertised the Firefox plugin as well and included the business name SGI, according to this Google cache. On a separate page, miketysonthebest.com, another site connected to Vladuz, SGI is said to stand for Solutions for Generating Income, according to this cache image.

Vladuz has left other random tracks online. On banitarfearme.com and colourfish.com, for instance, the hacker published what appear to be password extractors that test whether phished account credentials are valid. In early November, a user named Vladuz even posted a comment in an eBay developer forum decrying a change designed to crack down on fraud.

Vladuz may have no compunction about trespassing on and stealing the property of others, but he's very protective of his own. On many of the sites where he publishes, he even goes through the trouble of copyrighting his code. ®

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?