The eBay attack began with hackers compromising third-party web sites using a technique called SQL injection. Extra code was dynamically added to the main page of these web sites using a hidden IFRAME tag which loaded a malicious web page. This page contained a VBScript file that used AJAX to download and save a file called MISuvstm.exe into the Windows system folder. Once this file was downloaded, it attached itself to the Windows Explorer process and went hunting for a further trojan, called SRTops32.exe, which was the basis for a Distributed Denial-of-Service (DDoS) attack on eBay itself. The attack uses eBay's own Application Programming Interfaces to guess eBay users' passwords by brute force, although more traditional phishing techniques are also being used.
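One way a site owner could check served pages for the hidden IFRAME injection described above. This is an added example, not code from the original article; the host names and sample page are constructed, and the hiding heuristics are an assumption about how such a frame is concealed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Inline styles that make an element invisible to the visitor (assumed heuristics).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

# Constructed sample: one legitimate same-site frame, two injected hidden frames.
SAMPLE_PAGE = """<html><body>
<h1>Shop news</h1>
<iframe src="https://www.shop.example/banner.html" width="300" height="80"></iframe>
<iframe src="http://cdn.attacker.invalid/x.htm" width="0" height="0"></iframe>
<iframe src="//stats.attacker.invalid/y.htm" style="visibility: hidden"></iframe>
</body></html>"""


class HiddenIframeFinder(HTMLParser):
    """Collects <iframe> tags that are invisible and load from another host."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line number, src) pairs

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        off_site = bool(host) and host != self.site_host
        tiny = any(a.get(dim, "").strip() in ("0", "1") for dim in ("width", "height"))
        hidden = tiny or "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style", "")))
        if off_site and hidden:
            self.findings.append((self.getpos()[0], a["src"]))


def find_hidden_iframes(html, site_host):
    """Return [(line, src), ...] for hidden iframes that point off-site."""
    finder = HiddenIframeFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for line, src in find_hidden_iframes(SAMPLE_PAGE, "www.shop.example"):
        print(f"line {line}: hidden off-site iframe -> {src}")
```

A hit shows only the symptom: the injected markup comes back until the SQL injection flaw that let it be written into the page is fixed.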
More on security threats:
"The future outlook isn't promising -- bot-affected software is growing more powerful and stealthy, making it harder to find and return to a secured state. The pressure is on computer users to become savvier about security and on organizations to spend more money on proactive defenses, and detection and reaction capabilities. Law enforcement will also need to deal with an increasing number of crimes that involve potentially thousands of computers at a time."