Exploit even creates fake third-party validation sites

Dark Reading Staff, Dark Reading

October 23, 2007

1 Min Read

Researchers looking into an eBay theft have discovered a "fiendishly clever" Trojan that not only creates a fake eBay site, but fake third-party sites as well.

According to a report by experts at Exploit Prevention Labs, the Trojan installs a scaled-down Web server on an infected machine that masquerades as eBay as well as several third-party destinations frequently used to sniff out fraudulent offerings, including Carfax.com, Autocheck.com and Escrow.com.

When a victim browses to one of these sites, the Web server creates a parallel universe of sorts, in which the victim sees counterfeit pages designed to counter fraud protection mechanisms offered by eBay and third-party sites.

The malware was discovered after an eBay user lost $8,650 trying to buy a 2005 Jeep Liberty on eBay Motors. The Trojan mimicked not only all of eBay's functions, but also the third-party sites used to validate the purchase. It even sent bogus notification messages to the user's own eBay message folder.

"There's no reason to suspect it's fraud until it's too late," said the Ohio-based user.

— Tim Wilson, Site Editor, Dark Reading

Read more about:


About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights