14 DAY TRIAL // eBay is the well known online auction and shopping website that allows users to bid and buy products online using a simple and secure web interface. Because it works with financial information, it's very important to provide a safe way to make transactions and acquire new stuff. This is the main reason that makes hackers continuously attack the page, trying to obtain financial details or bank accounts. Today, a new hack attack was reported by Virus Bulletin, a security company that identified numerous attempts for hijacking connections to the eBay motors, the car selling website.
"eBay security has been the subject of much scrutiny recently after a hacker acquired access to an administrator account and posted several messages to forums at the site, showing off his elevated access. eBay Motors has also been criticized for its high levels of fraud, particularly since changes in bidder privacy measures were introduced earlier this year, in an effort to minimize phishing. It is not yet known how the attack is intended to operate, as the sites serving data to infected machines have yet to issue activation codes for specific auctions to redirect to," Virus Bulletin reported.
The exploitation works quite simple but it requires a user action to be started. That's why all the eBay clients that are looking to avoid a hacking attack must also avoid clicking on untrusted files. So, the procedure is based on a Trojan that must be installed on the remote computer, allowing the attacker to connect using a proxy server. Then, the malicious file will connect to some predefined locations and collect certain eBay information.
Some time ago, eBay decided to block the auction of virtual goods because more and more users started to buy and sell Word Of Warcraft items, making eBay a real virtual market for games' products.