Trojan Bayrob targets eBay users

By
Follow google news

Symantec warned eBay users that a sophisticated Trojan is seeking to scam them with a man-in-the-middle attack.

Trojan Bayrob targets eBay users
Named Trojan.Bayrob, the malware changes user hosts files to redirect traffic destined to numerous eBay sites, including eBay Motors, to a local proxy server and listens on localhost port 80.  From there, Bayrob downloads configuration data from the eBay servers, including a number of php scripts.

“The most interesting of these scripts is var.php; this script returns many different variables, which will be used in the attack,” Liam O’Murchu wrote on the Symantec Security Response blog. “The downloaded variables include tokenised versions of legitimate eBay pages.”

O’Murchu said that the exact motive behind Bayrob is still a mystery since the proxy servers are not yet using the right variables to start showing fake pages to users.

A spokesperson from eBay confirmed today that the auction company is aware of the problem.

“We have been working with Symantec to ensure that they share the details of this with other anti-virus software vendors,” the spokesperson said. “

We strongly encourage eBay buyers and sellers to never click on or download a link or file that is unfamiliar to them and always ensure your anti-virus software is up-to-date.”
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
ebaysecuritytargetstrojanusers

Sponsored Whitepapers

2026 Engineering Reality Report
2026 Engineering Reality Report
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats
Optus Enterprise Mobility
Optus Enterprise Mobility
Life After VMware: Scale Securely with mCloud by Micron21
Life After VMware: Scale Securely with mCloud by Micron21

Events

Most Read Articles

The BoM has finally tamed SSL

The BoM has finally tamed SSL
Tasmanian gov agencies impacted by cyber attack

Tasmanian gov agencies impacted by cyber attack
Australian chief at US defence contractor L3Harris sold exploits to Russia

Australian chief at US defence contractor L3Harris sold exploits to Russia
Vic gov agencies flying blind on server security, audit finds

Vic gov agencies flying blind on server security, audit finds
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?