Randy S
Feb 15th, 06, 07:02 PM
I was surfing eBay looking at second gen Camaros and ran across a new exploit. New to me at least.
There was a red '70 model that looked pretty nice with a starting bid of $4,851. When I clicked on it, the eBay login page popped up. It looked exactly like eBay's login page, but I was immediately suspicious because I've never had to log in in order to view auctions. I hit "back" a couple of times and the browser couldn't leave the fake login page. I closed Internet Explorer and my anti-virus software picked up a trojan!
Apparently some ^&*(@#$ hacker wannabe had embedded a JavaScript URL redirect trojan in their auction text. I presume the intent was to steal eBay uid's and pw's and place orders or try to hack the associated PayPal accounts. I sent the particulars (auction id, trojan name, and Symantec's breakdown of the impact) to eBay's fraud department and they had the auction removed within an hour.
Moral of the story: run good firewall and anti-virus programs with up-to-date definitions.
Here are some details on this particular one from Symantec.
JS.Trojan.Blinder - is an embedded JavaScript Trojan horse that spoofs the URL displayed in the browser address bar. The page displayed is a form that requests personal banking and ATM information. This may lead a user to believe that they are visiting a trusted Web site, when they are actually browsing a malicious Web site.
Apparently this has been around a while; here's a link (http://www.infectionvectors.com/vectors/phishing_lures.htm) from April of 2005 with some info.