Feebs Variant Behind Complex eBay Fraud
John Stith Staff Writer
2006-02-09
The kids at Aladdin tracked down a new Feebs Trojan variant that includes a nasty and dangerous new fraud scandal tied to eBay. With new phishing scams popping up every day, it's no surprise another big one has come down.
When the variant is executed, it loads a fake search engine screen. Then false error messages come up saying there's no available connection. While this is happening, other activities take place, including disabling antivirus protection and other security programs. In addition, the little bugger starts running its malicious code. Aladdin said it could be passed around by email or from malicious websites.
The fraud part kicks in too and it's really nasty. This one actually goes in and modifies network settings in such a way "that when surfing sites such as eBay, using any browser, clicking on an eBay link on the Web, or even accessing it from the favorites shortcut, the victim is inevitably forwarded to a spoofed eBay site." The beauty or ugliness of this is that the web address appears normal the entire time and, unfortunately, it can sit for a while before going off.
The Aladdin description went on to say the script modifies the HOSTS file found on the target PC. This file can be used to override the DNS servers, so the user's browser asks for one address and is led to another. Feebs redirects all attempts to get into eBay to its own sites. Whenever someone attempts to follow any link, it prompts for a username and password.
Then the person heads to the real eBay site, completely unaware that they've turned over their information and given the hackers access to all their personal eBay information. The hackers can purchase products and let the user pay the cost.
"We see this new fraud attempt as an illustration of the growing presence of dangerous phishing scams," said Shimon Gruper, vice president of technologies for the Aladdin eSafe Business Unit. "Although Web attacks are more difficult to measure than email-related attacks, we expect this JS.Feebs variant to have a significant impact for infected users, as their browser no longer indicates they are visiting a phishing site. Thus, users are even more likely to provide their personal data, which then lands in the wrong hands."
Once again, keep up the updates, patches, etc. And don't open any strange emails.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.