Feeds

'Fiendish' Trojan pickpockets eBay users

It's new and improved. And it just nabbed $8,600

Providing a secure and efficient Helpdesk

The malware appears to be a reworking of Trojan.Bayrob, which first came to light in early March when researchers from Symantec wrote reports here and here.

It arrives in an attachment to an email responding to a bid and installs a local proxy server that redirects traffic bound for eBay. The proxy, according to Symantec, spoofs sensitive pages on eBay, including the "ask a question" messaging feature for online auctions. The Trojan also inflates the user feedback score of the purported buyer, according to Symantec.

In the intervening seven months, the Trojan has been updated so that, among other things, traffic bound for sites such as Carfax and nine other addresses maintained by third-party companies will also be redirected. This helps thwart victims who try to independently confirm details fed on the falsified eBay pages.

eBay spokeswoman Nichola Sharpe says the company's security team has forwarded samples of the new strain to anti-virus companies so they can add it to the updates they send to customers.

Bogus location

When the Ohio victim used her infected PC to get a history of the Jeep from Carfax, she was told the vehicle was in California, a detail that was consistent with what scammers were telling her. Using a clean computer to access the same information shows the Jeep is located in Pennsylvania.

Seeing no reason to doubt the authenticity of the auction, the victim paid $8,650 on October 4 using a bank-to-bank transfer, a payment method that is approved by eBay. She has yet to receive delivery of the Jeep, and the purported seller has since become unreachable.

Although eBay Motors promises to protect purchases up to $20,000 against fraud, the company is refusing to cover the costs of the Ohio victim. "Items purchased outside of eBay are not covered, including those bought directly from a seller," a customer representative wrote in an email to the victim.

The victim, a college-educated stay-at-home mother, said she kept on top of her Windows updates, ran security software from Symantec and was careful not to fall for the ploy of phishers. eBay's security team says she got infected after clicking on the email attachment sent in response to her bid. She said it never occurred to her that a bid she made on eBay would leave her open to an attack that would completely compromise her system.

So she has opted to close down her eBay and PayPal accounts and vowed never again to do business with the company.

I don't have a right to be on there because I'm not knowledgeable about everything [criminals] are pulling there these days, she said. "I assumed I was purchasing this through eBay so my guard was down. As high-tech as this was, I don't know what I would have done differently." ®

If you have intelligence about Trojan.Bayrob or other scams targeting eBay, please contact Dan Goodin using this link.

New hybrid storage solutions

More from The Register

next story
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.