Man-in-the-middle attack targets eBay

Trojan intercepts auction communications, possibly bidding.

A trojan has been spotted attempting to run a man-in-the-middle style hijack of connections to several eBay sites and pages. The malware seems to be targeting the eBay Motors car-selling site.

Advertise on www.virusbtn.com

The trojan, once installed locally, sets up a proxy server and listens for attempts to visit a number of pre-defined locations run by the online auction giant, including auction query forms and vendor ratings pages. It is then able to redirect traffic to auctions of its maker's choosing, after connecting to one of several sites set up to provide it with redirection data.

eBay security has been the subject of much scrutiny recently after a hacker acquired access to an administrator account and posted several messages to forums at the site, showing off his elevated access. eBay Motors has also been criticised for its high levels of fraud, particularly since changes in bidder privacy measures were introduced earlier this year, in an effort to minimise phishing.

It is not yet known how the attack is intended to operate, as the sites serving data to infected machines have yet to issue activation codes for specific auctions to redirect to. More detailed analysis, including several screenshots, can be found in a Symantec blog entry, here.

06 March 2007

Tags:    del.icio.us  digg this! digg this

Poll

How are your spam levels compared to two months ago?
Significantly higher
More or less the same
Significantly lower
I don't know

Leave a comment
View 4 comments
Jobs Career Sidebar

VB100 certification

VB100 The final VB100 of the year sees a double whammy of potential pitfalls for our comparative participants - the Vista operating system, which still seems shiny and new as well as a little scary (to both developers and users), as well as the x64 architecture, whose ostensible compatibility with standard 32-bit software belies oddities and intricacies that developers ignore at their peril. The announcement of the test brought a few surprises, as several regulars opted to skip this one, but the majority of veteran competitors took part as usual, along with several newer faces, many of whom look set to join the ranks of our regulars.
See full results.
Virus Bulletin currently has 148,244 registered users.