Man-in-the-middle attack targets eBay
Trojan intercepts auction communications, possibly bidding.
A trojan has been spotted attempting to run a man-in-the-middle style hijack of connections to several eBay sites and pages. The malware seems to be targeting the eBay Motors car-selling site.

The trojan, once installed locally, sets up a proxy server and listens for attempts to visit a number of pre-defined locations run by the online auction giant, including auction query forms and vendor ratings pages. It is then able to redirect traffic to auctions of its maker's choosing, after connecting to one of several sites set up to provide it with redirection data.
eBay security has been the subject of much scrutiny recently after a hacker acquired access to an administrator account and posted several messages to forums at the site, showing off his elevated access. eBay Motors has also been criticised for its high levels of fraud, particularly since changes in bidder privacy measures were introduced earlier this year, in an effort to minimise phishing.
It is not yet known how the attack is intended to operate, as the sites serving data to infected machines have yet to issue activation codes for specific auctions to redirect to. More detailed analysis, including several screenshots, can be found in a Symantec blog entry, here.
06 March 2007
Tags:
del.icio.us
digg this
ARF published as IETF standard
Abuse report format helps auto-handling of email complaints
02 September 2010
Microsoft releases new fix for DLL vulnerability
Earlier workaround believed to be too complex for most users.
01 September 2010
Malicious tweets link to fake TweetDeck update
Twitter resets passwords for accounts that appear to have been hacked.
01 September 2010
94% of Internet users befriend unknown 'good-looking woman'
Sensitiva data shared after two-hour chat. (1 comment)
31 August 2010
Investment boost for Quick Heal
Indian security firm gets hefty cash injection.
27 August 2010

Quick Links
![]() |
Poll
When do you install software updates?Leave a comment
View 12 comments

2 hours ago
6 hours ago
Virus Bulletin
In this month's magazine:- VB100 – Windows Vista Business Edition Service Pack 2
- Apple pie order?
- Anti-unpacker tricks – part eleven
- Advanced exploit framework lab set-up
- HTML structure-based proactive phishing detection
- What’s the deal with sender authentication? Part 3

Subscribe now!
Virus Bulletin currently has 208,224 registered users.



