A Trojan that arrives by email targets potential car buyers at eBay Motors, and attempts to closely imitate a legitimate auction.
Some good news has emerged since we first mentioned the scam previously. Symantec has followed up with some additional news about the status of the servers powering the scam.
“The good news is that all of the attackers’ control sites mentioned in the previous blog have now been taken offline!” Liam OMurchu noted in their update. “However, I am sure that the attackers will regroup and set up new servers.”
The malware, dubbed Trojan.Bayrob, runs a sophisticated man in the middle attack that intercepts traffic to eBay Motors. It arrives by email and shows the victim a photo slideshow of a vehicle purportedly up for auction.
Along with the slideshow program, the email brings along the Trojan and drops it onto the PC. When the victim clicks on the link to a legitimate auction, the Trojan fires up and intercepts web traffic. It delivers phony feedback pages to the victim, for example.
The idea is to entice the victim to complete the auction and submit a payment. Once submitted, the criminals grab the money and likely move on as quickly as possible.
People who avoid launching executables arriving by email should be able to easily avoid this Trojan. Though its control servers are offline, Symantec expects those behind the scheme will regroup and launch it again with new servers backing the Bayrob Trojan.
—
