Feeds

'Fiendish' Trojan pickpockets eBay users

It's new and improved. And it just nabbed $8,600

Build a business case: developing custom apps

The malware appears to be a reworking of Trojan.Bayrob, which first came to light in early March when researchers from Symantec wrote reports here and here.

It arrives in an attachment to an email responding to a bid and installs a local proxy server that redirects traffic bound for eBay. The proxy, according to Symantec, spoofs sensitive pages on eBay, including the "ask a question" messaging feature for online auctions. The Trojan also inflates the user feedback score of the purported buyer, according to Symantec.

In the intervening seven months, the Trojan has been updated so that, among other things, traffic bound for sites such as Carfax and nine other addresses maintained by third-party companies will also be redirected. This helps thwart victims who try to independently confirm details fed on the falsified eBay pages.

eBay spokeswoman Nichola Sharpe says the company's security team has forwarded samples of the new strain to anti-virus companies so they can add it to the updates they send to customers.

Bogus location

When the Ohio victim used her infected PC to get a history of the Jeep from Carfax, she was told the vehicle was in California, a detail that was consistent with what scammers were telling her. Using a clean computer to access the same information shows the Jeep is located in Pennsylvania.

Seeing no reason to doubt the authenticity of the auction, the victim paid $8,650 on October 4 using a bank-to-bank transfer, a payment method that is approved by eBay. She has yet to receive delivery of the Jeep, and the purported seller has since become unreachable.

Although eBay Motors promises to protect purchases up to $20,000 against fraud, the company is refusing to cover the costs of the Ohio victim. "Items purchased outside of eBay are not covered, including those bought directly from a seller," a customer representative wrote in an email to the victim.

The victim, a college-educated stay-at-home mother, said she kept on top of her Windows updates, ran security software from Symantec and was careful not to fall for the ploy of phishers. eBay's security team says she got infected after clicking on the email attachment sent in response to her bid. She said it never occurred to her that a bid she made on eBay would leave her open to an attack that would completely compromise her system.

So she has opted to close down her eBay and PayPal accounts and vowed never again to do business with the company.

I don't have a right to be on there because I'm not knowledgeable about everything [criminals] are pulling there these days, she said. "I assumed I was purchasing this through eBay so my guard was down. As high-tech as this was, I don't know what I would have done differently." ®

If you have intelligence about Trojan.Bayrob or other scams targeting eBay, please contact Dan Goodin using this link.

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Plug and PREY: Hackers reprogram USB drives to silently infect PCs
BadUSB instructs gadget chips to inject key-presses, redirect net traffic and more
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?