Extremely Dangerous eBay Attack in Progress

Why would you want to do that? I guess every user who visits eBay looking for a car wants all the information he requests in order to be sure the Jeep he buys is a not a fake. But a recently discovered scam provides all kinds of information, including images and other type of content, but it actually aims to steal users' money through a dangerous Trojan. Here's how it works as it was described by the folks at Symantec: the attackers post auctions on eBay, selling cars just like any other registered member. "These auctions are not scams per se, but they are "legit" auctions that are used solely to attract potential victims-whoever asks a question or bids on these auctions becomes a potential victim", Liam OMurchu of Symantec wrote on the security vendor's blog.

After the auction expires, the attackers send messages to the interested users, informing them that the bid winner cannot pay and the car is available again through eBay. Once the victim opens the attachments, their computers get infected with a dangerous Trojan which will serve as a way to control their systems. "The Trojan connects to various Bayrob servers to receive configuration data and to notify the Bayrob controllers that the Trojan has been run. The Bayrob controllers do not continue with the scam of that particular user until they have received notification from the Trojan that it is installed and working correctly on the user's machine", the Symantec representative continued.

But this is the moment when the entire dangerous exploitation starts. It seems that the Trojan horse gives full control over the affected systems to the attackers. From now on, every new page corresponding to an ID included in the email returns a fake page to the user. That's why the infected computers are going to display fake eBay auctions and what's more dangerous, fake users' profiles which contain false feedback in order to convince the potential buyers that the seller is honest and he doesn't attempt to conduct money fraud.

At this time, there is no 100 percent efficient solution to avoid bidding in a fake auction, but you are advised to install a powerful antivirus as well as a firewall in order to block the access to the dangerous websites. To find all the malicious links to be restricted as well as more information about the scam, please read the full Symantec blog post available here.