It seems like people that make malware are getting more specific nowadays, the are no longer writing random self-propagating worms or trojans just for the sake of knowledge or notoriety.
Far more common nowadays is malware for specific purposes to capture login or banking details for certain sites or organisations.
This time it’s a custom trojan targetting eBay users.
eBay users are being targeted by an advanced Trojan that attempts to redirect traffic so it can silently bid on a car from the auction site’s car section, Symantec is warning. It is the latest security headache for eBay, which has faced an onslaught of complaints from some users who say fraud on the site has increased to unacceptable levels over the past few months.
eBay officials are aware of the Trojan and are working with Symantec to prevent it from affecting buyers and sellers, a spokeswoman said.
It seems to be a combination of phishing and malware rolled into one to grab details from eBay users.
Trojan.Bayrob implements a proxy server so that traffic intended for eBay is instead sent to one of several sites controlled by the attacker. Traffic is redirected by changing settings corresponding to at least six eBay URLs in the victim’s hosts file. Once connected to rogue servers, Bayrob is programmed to download configuration data, including a variety of php scripts.
At least one of the scripts, Var.php, downloads variables such as tokenized versions of eBay pages designed to dupe a victim into thinking they are legitimate. One such page spoofs eBay’s “Ask a question” section, which allows prospective buyers to – wait for it – ask sellers questions.
As always do be on guard.
Source: The Register