New variant hides 'elaborate' eBay fraud

By on

Security experts have warned web users to guard against a newly intercepted mutant of the Feebs trojan that attempts to dupe eBay users with an "elaborate" fraud.

Aladdin, the security firm that identified the new variant as JS.Feebs, noted that when the malware is executed by an unwitting recipient, it displays fake loading screens that look like several popular search engines. This is followed by a false error message stating that there was no available connection. The scripts do this to mask their own activities that sometimes include disabling the system's antivirus and other security-related products as well as executing other malicious code.

JS.Feebs usually arrives by email, but it could also exist in websites that would infect visitors upon access, Aladdin warned.

The mutant initiates an "elaborate fraud" attack similar to phishing. Unlike classic phishing, no phishing email or a link to be clicked exists. Rather, the script modifies the HOSTS file found on the compromised target PC.

This file, when modified, can override the default DNS servers, thus allowing users' internet browsers to receive one address and lead to another, leading users to a spoofed site when they try to access eBay. When personal information is entered, the user will be taken to the actual eBay website, completely unaware that the sensitive information just entered was, in fact, stolen. All this time, the eBay web address appears normally, days or even weeks after the original infection took place.

Although the propagation of this new variant may be slow, its infection impact is high, according to Aladdin, as it steals personal information pertaining to regularly used sites.

"We see this new fraud attempt as an illustration of the growing presence of dangerous phishing scams," said Shimon Gruper, vice president of technologies for the Aladdin eSafe Business Unit. "Although web attacks are more difficult to measure than email-related attacks, we expect this JS.Feebs variant to have a significant impact for infected users, as their browser no longer indicates they are visiting a phishing site," he said. "Thus, users are even more likely to provide their personal data, which then lands in the wrong hands."

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
Flash is heading towards its grave, and that's...
Great! Good riddance
Sad! Flash had some good qualities
Irrelevant. I don't care
What's Flash?
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?