New Feebs Variant Identified by Aladdin CSRT Includes Elaborate eBay Fraud Attempt

CHICAGO, February 2, 2006 – Aladdin Knowledge Systems (NASDAQ: ALDN), the worldwide leader in Software Digital Rights Management (SW DRM) and USB-based authentication solutions, and a leading innovator in enterprise secure content management, today announced that its Aladdin eSafe Content Security Response Team (CSRT) has identified a new variant of the Feebs Trojan that includes a dangerous new fraud attempt. Aladdin identifies the new variant of JS.Feebs.

Barely a month in, 2006 has already been dubbed “The Year of Phishing.” According to numerous reports, this year we are likely to see a sharp increase in phishing attacks. The evidence of this imminent threat is already apparent, with new phishing Web sites popping up every day. One of the latest additions to this growing epidemic is Aladdin’s discovery of a new JS.Feebs variant. When executed, the new JS.Feebs variant usually displays a fake loading screen that looks like various popular search engines. This is followed by a false error message stating that there was no available connection. The scripts do this to mask their own activities which sometimes include disabling the system’s antivirus and other security-related products as well as executing other malicious code. JS.Feebs usually arrives by email, but it could also exist in Web sites that would infect visitors upon access.

Elaborate New Fraud Attempt

This new JS.Feebs variant also initiates an elaborate fraud attack similar to phishing, Unlike “classic” phishing, no phishing email or a link to be clicked exists. Rather, certain network settings of the infected machine are modified in such a way that when surfing to sites such as eBay (the popular online auctions Web site), using any browser, clicking on an eBay link on the Web, or even accessing it from the Favorites shortcut, the victim is invisibly forwarded to a spoofed eBay site. All this time, the eBay Web address appears normally. This happens even if the user accesses the site days or even weeks after the original infection took place. Although the propagation of this new variant may be slow, its infection impact is high, as it steals personal information pertaining to regularly used sites.

The script modifies the HOSTS file found on the target PC. This file, when modified, can override the default DNS servers, thus allowing the user’s Internet browser to receive one address and lead to another. JS.Feebs, in this case, redirects all attempts to enter eBay to its own, seemingly identical page. When a user attempts to follow any links or enter a search in the appropriate field, the script will ask for his username and password.

When personal information is entered, the user will be taken to the actual eBay Web site, completely unaware that the sensitive information just entered was, in fact, stolen. With this information a hacker can order goods for free, and let the infected user pay the price.

“We see this new fraud attempt as an illustration of the growing presence of dangerous phishing scams,” said Shimon Gruper, vice president of technologies for the Aladdin eSafe Business Unit. “Although Web attacks are more difficult to measure than email-related attacks, we expect this JS.Feebs variant to have a significant impact for infected users, as their browser no longer indicates they are visiting a phishing site. Thus, users are even more likely to provide their personal data, which then lands in the wrong hands.”

Aladdin eSafe users are completely immune to this attack since yesterday. Others may identify this same threat as the “Qhost” variant. For more information, visit

About Aladdin

Aladdin Knowledge Systems Ltd. is a global provider of security solutions that reduce software theft, authenticate network users and protect against unwanted Internet and e-mail content, including spam, viruses and spyware. Its security products are organized into two segments: Software Digital Rights Management (DRM) and Enterprise Security. Aladdin’s Software DRM products allow software publishers to protect their intellectual property and increase revenues by reducing losses from software theft and piracy. Its Enterprise Security solutions enable organizations to secure their information technology assets by controlling who has access to their networks (authentication) and what content their users can utilize (content security). Visit the Aladdin Web site at

Don't miss