Hackers Using eBay Ruse in Malware Attack

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Internet users are being warned this week to be on high alert for a new malware campaign that's using a bogus request for payment from eBay as a front to infect users' PCs and mobile devices with a variety of spam and malware.

According to researchers at security software vendor Sophos, the ploy begins with an unsolicited email with the subject line "Payment request from" with a phony "eBay@reply1.ebay.com" return email address.

The emails all have a blank message body, according to a blog post by Graham Cluley, a senior technology consultant at Sophos, but have a file called "form.html" attached.

"It's a sneaky piece of social engineering on the behalf of the hackers," Cluley wrote. "Many people would be tempted to open the attachment to find out what on earth the email is about."

When they do, and Sophos officials have yet to offer an official estimate as to how many users have been infected by this latest socially engineered scam, their browsers are redirected to a spam-related website for a Canadian pharmacy store.

While it appears to be just another ho-hum piece of pharmacy spam, an iFrame embedded in the website begins to download even more malware from other third-party websites.

Sophos has identified the offending attachment as Troj/JSRedir-BV.

"This malware can obviously be changed at anytime, but we have seen versions of the ZBot family of malware distributed in the attack," Cluley said.

Sophos and other security software vendors for months have been warning of new malware campaigns that use popular social networking and e-tailing sites as lures to get people to infect their PCs and smartphones.

Earlier this summer, phishers were successfully targeting Apple gift card holders with a typosquatted URL for Apple's online store to steal the entire balance remaining on the users' cards.

Cluley advises consumers and enterprises to make sure they run up-to-date security software on all their email servers and to avoid opening any unsolicited emails and attachments.

While the eBay scam is a new one, it's by no means the only branded, socially engineered malware scam afoot.

"Recently we've seen other criminal email campaigns with dangerous HTML attachments involving Adult Friend Finder, romantic interest and Skype purchases, Facebook porn, Skype payment problems and Facebook password resets among others," Cluley said.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.