Symantec has uncovered an unusually sophisticated email scam which targets eBay users with a combination of legitimate eBay auctions and a Windows Trojan that intercepts a user's web traffic.
The ‘advanced’ malware involved, called Trojan.Bayrob, sets up a man-in-the-middle attack, Symantec said.
"While we have previously seen Infostealers that try to steal your username and password, a threat attempting a man-in-the-middle attack on eBay is very unusual," said Symantec's Liam O'Murchu. "Man-in-the-middle attacks are very powerful, but are also difficult to code correctly."
The attack begins with an email message containing a legitimate eBay automobile sales slideshow as well as the Trojan, which implements a local proxy server and directs traffic bound for eBay through it.
From one of a number of control servers, the Trojan downloads copies of legitimate eBay pages that have been modified to allow the attackers to insert variables of their own, such as a fake seller name. The fake pages include those for asking the seller a question and checking feedback on the seller - the latter displaying a high feedback rating as well as positive user comments.
If a victim finally decides to buy, the money goes to the attackers, Symantec said.
The company said all the Trojan's original control servers have been taken offline, but others are likely to take their place. The company advised users not to run untrusted attachments.