Man-in-the-middle attack targets eBay
Trojan intercepts auction communications, possibly bidding.
A trojan has been spotted attempting to run a man-in-the-middle style hijack of connections to several eBay sites and pages. The malware seems to be targeting the eBay Motors car-selling site.
The trojan, once installed locally, sets up a proxy server and listens for attempts to visit a number of pre-defined locations run by the online auction giant, including auction query forms and vendor ratings pages. It is then able to redirect traffic to auctions of its maker's choosing, after connecting to one of several sites set up to provide it with redirection data.
eBay security has been the subject of much scrutiny recently after a hacker acquired access to an administrator account and posted several messages to forums at the site, showing off his elevated access. eBay Motors has also been criticised for its high levels of fraud, particularly since changes in bidder privacy measures were introduced earlier this year, in an effort to minimise phishing.
It is not yet known how the attack is intended to operate, as the sites serving data to infected machines have yet to issue activation codes for specific auctions to redirect to. More detailed analysis, including several screenshots, can be found in a Symantec blog entry.
06 March 2007

