eBay Server Exploited in Phishing Attack

On April 1, 2010, the e-mail security company, Red Condor issued a warning about a fresh phishing e-mail that pretends to be a security alert from the top online marketplace - eBay. According to the firm, this attack has been found to be different from the traditional phishing attacks.

The e-mail purporting to be coming from eBay carries the subject line "eBay Procedural Warning - Security Alert" and addresses the recipient as an "eBay Member". It informs the recipient that eBay has discovered security flaws on behalf of his account.

Recipients are further told that to fix the security issue, they need to get the eBay Security Shield. The e-mail contains an embedded link that in fact directs user to most probably a hacked site on the network of eBay. Besides, there is a Download Now button on the website, which drops a Trojan virus upon execution.

After the victim follows the instructions given in the e-mail and installs the malware, he is asked to log into his eBay account. In this way, login credentials of the victim's eBay account reach scammers.

Red Condor stated that concept-wise, this attack resembled a recent assault conducted on the users of popular social networking site Facebook. In that attack, users were asked to install an application that would assist them in resetting their password.

However, the thing that differentiates the latest attack from the previous is that it makes use of a hacked server within eBay's network for the purpose of hosting software download button, Red Condor revealed.

Tom Steding, President and CEO, Red Condor, stated that hackers have abused an "About Me" page of a hacked eBay account to host Trojan, reported Infosecurity.com on April 1, 2010. This scam is an extremely sophisticated malicious attack and represents the kind of phishing attacks that are likely to be seen more in coming times, he added.

According to the firm, malware-targeting eBay has only been detected by a few antivirus solutions. Only five antivirus solutions detected the malware when the firm first found the campaign on March 27, 2010. Even after four days, only seven antivirus solutions recognized the malware.

Related article: eBay Announces Its New “Safeguarding Member IDs” Project

» SPAMfighter News - 4/12/2010