Red Condor Warns Of EBay Phishing Scam

Tuesday, April 6, 2010

Anti-spam firm Red Condor has issued a warning about a new blended email threat that appears to be a security alert from eBay.

The email has the subject line "eBay Procedural Warning-Security Alert," it is addressed to "Dear eBay Member," and warns recipients that the sender has "detected security issues on behalf of your account."

The email warns that to correct the issue, users "have to download and install the eBay Security Shield." The embedded link in the email actually takes a user to a likely compromised site on eBay's network. On the site is a Download Now Button that when executed installs a Trojan virus. After a user installs the malware they are instructed to log into their eBay account, which then sends their eBay log-in data to the scammers.

Red Condor says only a handful of anti-virus engines detected the malware.

"While this is a relatively low volume campaign, the scammers have not only figured out how to circumvent the majority of anti-virus engines, they have also exploited an 'About Me' page of a compromised eBay account to host the Trojan," said Dr. Tom Steding, president and CEO of Red Condor.

"In past eBay phishing attacks, the call to action URL has been on some random compromised machine. This scam, however, is a malicious and very sophisticated attack, and unfortunately, is a good representation of the types of phishing attacks that we are likely to see going forward. This attack is likely to get by many email security systems, so users should delete the message immediately."

View more news