Researchers looking into an eBay theft have discovered a "fiendishly clever" Trojan that not only creates a fake eBay site, but fake third-party sites as well.
According to a report by experts at Exploit Prevention Labs, the Trojan installs a scaled-down Web server on an infected machine that masquerades as eBay as well as several third-party destinations frequently used to sniff out fraudulent offerings, including Carfax.com, Autocheck.com and Escrow.com.
When a victim browses to one of these sites, the Web server creates a parallel universe of sorts, in which the victim sees counterfeit pages designed to counter fraud protection mechanisms offered by eBay and third-party sites.
The malware was discovered after an eBay user lost $8,650 trying to buy a 2005 Jeep Liberty on eBay Motors. The Trojan mimicked not only all of eBay's functions, but also the third-party sites used to validate the purchase. It even sent bogus notification messages to the user's own eBay message folder.
"There's no reason to suspect it's fraud until it's too late," said the Ohio-based user.
Tim Wilson, Site Editor, Dark Reading