Trojan Bayrob targets eBay users

By
Follow google news

Symantec warned eBay users that a sophisticated Trojan is seeking to scam them with a man-in-the-middle attack.

Trojan Bayrob targets eBay users
Named Trojan.Bayrob, the malware changes user hosts files to redirect traffic destined to numerous eBay sites, including eBay Motors, to a local proxy server and listens on localhost port 80.  From there, Bayrob downloads configuration data from the eBay servers, including a number of php scripts.

“The most interesting of these scripts is var.php; this script returns many different variables, which will be used in the attack,” Liam O’Murchu wrote on the Symantec Security Response blog. “The downloaded variables include tokenised versions of legitimate eBay pages.”

O’Murchu said that the exact motive behind Bayrob is still a mystery since the proxy servers are not yet using the right variables to start showing fake pages to users.

A spokesperson from eBay confirmed today that the auction company is aware of the problem.

“We have been working with Symantec to ensure that they share the details of this with other anti-virus software vendors,” the spokesperson said. “

We strongly encourage eBay buyers and sellers to never click on or download a link or file that is unfamiliar to them and always ensure your anti-virus software is up-to-date.”
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
ebaysecuritytargetstrojanusers

Sponsored Whitepapers

Uncomplicate IT Service Delivery with AI Agents
Uncomplicate IT Service Delivery with AI Agents
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Fintech compliance made fast and secure
Fintech compliance made fast and secure
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
2025 Security operations insights: Three-quarters of security leaders need something new in SIEM
2025 Security operations insights: Three-quarters of security leaders need something new in SIEM

Events

Most Read Articles

Popular text editor Notepad++ was hacked to drop malware

Popular text editor Notepad++ was hacked to drop malware
WhatsApp unveils high-security mode

WhatsApp unveils high-security mode
NSW to overhaul state cyber emergency plan

NSW to overhaul state cyber emergency plan
'Moltbook' social media site for AI agents had big security hole

'Moltbook' social media site for AI agents had big security hole
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?