eBay comes under attack, says Red Condor

01 April 2010

eBay is the victim of a phishing attack that uses its own compromised server, according to email filtering company Red Condor.

In an advisory published today, Red Condor said that a phishing email purporting to be an eBay security alert differs from conventional phishing emails. This one tells victims that they must download a Security Shield program, which is in fact a trojan that harvests their passwords and presumably carries out other malicious activities on their machines.

Traditionally, phishing email relies on victims entering information about their accounts on spoof websites designed to look like the targeted company's genuine site. However, this mail directs victims to a web page containing a Download Now button to download software that directly compromises their machine.

This constitutes a blended threat, according to Red Condor. It is similar in concept to a recent attack on Facebook users, which asked them to download a piece of software that would help them to reset their password.

However, this phishing attack differs in that it uses a compromised server within eBay's domain to host the software download button, Red Condor said.

"The scammers have exploited an 'About Me' page of a compromised eBay account to host the Trojan," said Tom Steding, president and CEO of Red Condor.

According to the email security company, very few antivirus engines have detected the malware targeting eBay. When it first discovered the campaign on Saturday, only five antivirus engines recognized the malicious software. Four days later, only seven antivirus products were identifying the downloadable executable as malicious.
