Feeds

'Fiendish' Trojan pickpockets eBay users

It's new and improved. And it just nabbed $8,600

Choosing a cloud hosting partner with confidence

The malware appears to be a reworking of Trojan.Bayrob, which first came to light in early March when researchers from Symantec wrote reports here and here.

It arrives in an attachment to an email responding to a bid and installs a local proxy server that redirects traffic bound for eBay. The proxy, according to Symantec, spoofs sensitive pages on eBay, including the "ask a question" messaging feature for online auctions. The Trojan also inflates the user feedback score of the purported buyer, according to Symantec.

In the intervening seven months, the Trojan has been updated so that, among other things, traffic bound for sites such as Carfax and nine other addresses maintained by third-party companies will also be redirected. This helps thwart victims who try to independently confirm details fed on the falsified eBay pages.

eBay spokeswoman Nichola Sharpe says the company's security team has forwarded samples of the new strain to anti-virus companies so they can add it to the updates they send to customers.

Bogus location

When the Ohio victim used her infected PC to get a history of the Jeep from Carfax, she was told the vehicle was in California, a detail that was consistent with what scammers were telling her. Using a clean computer to access the same information shows the Jeep is located in Pennsylvania.

Seeing no reason to doubt the authenticity of the auction, the victim paid $8,650 on October 4 using a bank-to-bank transfer, a payment method that is approved by eBay. She has yet to receive delivery of the Jeep, and the purported seller has since become unreachable.

Although eBay Motors promises to protect purchases up to $20,000 against fraud, the company is refusing to cover the costs of the Ohio victim. "Items purchased outside of eBay are not covered, including those bought directly from a seller," a customer representative wrote in an email to the victim.

The victim, a college-educated stay-at-home mother, said she kept on top of her Windows updates, ran security software from Symantec and was careful not to fall for the ploy of phishers. eBay's security team says she got infected after clicking on the email attachment sent in response to her bid. She said it never occurred to her that a bid she made on eBay would leave her open to an attack that would completely compromise her system.

So she has opted to close down her eBay and PayPal accounts and vowed never again to do business with the company.

I don't have a right to be on there because I'm not knowledgeable about everything [criminals] are pulling there these days, she said. "I assumed I was purchasing this through eBay so my guard was down. As high-tech as this was, I don't know what I would have done differently." ®

If you have intelligence about Trojan.Bayrob or other scams targeting eBay, please contact Dan Goodin using this link.

Beginner's guide to SSL certificates

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
China is ALREADY spying on Apple iCloud users, watchdog claims
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.