Feeds

'Fiendish' Trojan pickpockets eBay users

It's new and improved. And it just nabbed $8,600

Providing a secure and efficient Helpdesk

The malware appears to be a reworking of Trojan.Bayrob, which first came to light in early March when researchers from Symantec wrote reports here and here.

It arrives in an attachment to an email responding to a bid and installs a local proxy server that redirects traffic bound for eBay. The proxy, according to Symantec, spoofs sensitive pages on eBay, including the "ask a question" messaging feature for online auctions. The Trojan also inflates the user feedback score of the purported buyer, according to Symantec.

In the intervening seven months, the Trojan has been updated so that, among other things, traffic bound for sites such as Carfax and nine other addresses maintained by third-party companies will also be redirected. This helps thwart victims who try to independently confirm details fed on the falsified eBay pages.

eBay spokeswoman Nichola Sharpe says the company's security team has forwarded samples of the new strain to anti-virus companies so they can add it to the updates they send to customers.

Bogus location

When the Ohio victim used her infected PC to get a history of the Jeep from Carfax, she was told the vehicle was in California, a detail that was consistent with what scammers were telling her. Using a clean computer to access the same information shows the Jeep is located in Pennsylvania.

Seeing no reason to doubt the authenticity of the auction, the victim paid $8,650 on October 4 using a bank-to-bank transfer, a payment method that is approved by eBay. She has yet to receive delivery of the Jeep, and the purported seller has since become unreachable.

Although eBay Motors promises to protect purchases up to $20,000 against fraud, the company is refusing to cover the costs of the Ohio victim. "Items purchased outside of eBay are not covered, including those bought directly from a seller," a customer representative wrote in an email to the victim.

The victim, a college-educated stay-at-home mother, said she kept on top of her Windows updates, ran security software from Symantec and was careful not to fall for the ploy of phishers. eBay's security team says she got infected after clicking on the email attachment sent in response to her bid. She said it never occurred to her that a bid she made on eBay would leave her open to an attack that would completely compromise her system.

So she has opted to close down her eBay and PayPal accounts and vowed never again to do business with the company.

I don't have a right to be on there because I'm not knowledgeable about everything [criminals] are pulling there these days, she said. "I assumed I was purchasing this through eBay so my guard was down. As high-tech as this was, I don't know what I would have done differently." ®

If you have intelligence about Trojan.Bayrob or other scams targeting eBay, please contact Dan Goodin using this link.

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.