New variant hides 'elaborate' eBay fraud

Powered by SC Magazine

Security experts have warned web users to guard against a newly intercepted mutant of the Feebs trojan that attempts to dupe eBay users with an "elaborate" fraud.

Aladdin, the security firm that identified the new variant as JS.Feebs, noted that when the malware is executed by an unwitting recipient, it displays fake loading screens that look like several popular search engines. This is followed by a false error message stating that there was no available connection. The scripts do this to mask their own activities that sometimes include disabling the system's antivirus and other security-related products as well as executing other malicious code.

JS.Feebs usually arrives by email, but it could also exist in websites that would infect visitors upon access, Aladdin warned.

The mutant initiates an "elaborate fraud" attack similar to phishing. Unlike classic phishing, there is no phishing email and no link to click. Instead, the script modifies the HOSTS file on the compromised PC.

This file, when modified, can override the default DNS servers, so that the user's browser asks for one address and is led to another, sending users to a spoofed site when they try to access eBay. When personal information is entered, the user is taken to the actual eBay website, completely unaware that the sensitive information just entered was, in fact, stolen. All this time, the eBay web address appears normal, even days or weeks after the original infection took place.

Although the propagation of this new variant may be slow, its infection impact is high, according to Aladdin, as it steals personal information pertaining to regularly used sites.

"We see this new fraud attempt as an illustration of the growing presence of dangerous phishing scams," said Shimon Gruper, vice president of technologies for the Aladdin eSafe Business Unit. "Although web attacks are more difficult to measure than email-related attacks, we expect this JS.Feebs variant to have a significant impact for infected users, as their browser no longer indicates they are visiting a phishing site," he said. "Thus, users are even more likely to provide their personal data, which then lands in the wrong hands."

Copyright © SC Magazine, US edition
