Trojan Attacks Auctiva, eBay’s External Developer Site

Auctiva, a third party developer site that supplies non-chargeable tools to 50% of the million sellers on eBay, came under attack from a Trojan horse named Trojan-Clicker. The virus infected the site after attaching itself to some of its JavaScript and HTML files.

Security specialists state that the virus affects those who handle eBay auctions via Auctiva as well as any user on eBay who magnifies pictures of auction products loaded on the site via Auctiva.

Security investigators at Symantec said that once the Trojan infects a system, the malware resides in the computer's memory while constantly trying to establish a link with certain websites so that the number of visits to those sites gets inflated.

Jeff Schlicht, Auctiva President, said that to remedy the problem, Auctiva instantly shut down the infected servers, erased the operating application from them, performed a reload and restored them again on the Internet around 3 pm on February 21, 2009, as reported by AuctionBytes on February 23, 2009.

But when users tried to access the site on the evening of February 22, 2009, they continued to encounter pop-up alerts due to which some sellers when utilizing Auctiva Checkout found that purchasers were not able to make the payment for the products.

Meanwhile, Auctiva confirming the malware infection via a message posted on its community boards said that its engineering team was investigating into the issue. However, at the moment, it appeared that the virus alerts on the site were due to some China-originated malware that was injected into certain Auctiva systems, the message stated. The company further stated that the malicious program reportedly infected many high profile and reputed websites during September 2008-February 2009.

Additionally, if the site is opened in Firefox browser, an alert describing Auctiva as an 'attack website' comes up. But this alert should be ignored and the site be used anyway, advises Auctiva support to users.

Finally, although Auctiva has fixed the problem, it recommends that computer users wipe out all temporary Internet files, clean the browser repository and reboot the web browser, in addition to running a reliable antivirus.

Related article: Trojans to Target VoIP in 2006

» SPAMfighter News - 3/5/2009