Friday, November 23, 2007

BayRob Downloads Fake eBay to Desktops

The BayRob Trojan currently tormenting eBay Motors demonstrates some of the increasingly sophisticated tactics that online criminals are using to defraud eBay's customers.

Like most malware these days, BayRob appears to be distributed primarily through phishing email carrying eBay Motors branding. The Trojan arrives as an attachment that presents itself to the user as an image of a vehicle.

When the user clicks on the image, BayRob installs a web server, looks up the geographic location of the user's IP address, then launches the user's web browser and starts serving fake pages designed to appear as if they come from eBay, CarFax or similar services.

According to Symantec, as quoted by The Register, the web server is in constant communication with a "fleet of control servers" designed to mimic the auction site and constantly update the pages.

Consider for a moment what is happening here, from the end user's perspective. The end user's aim is to get a great car for a great price, from a trusted brand (eBay). The criminal's aim is to take money from the consumer without providing goods.

The criminal accomplishes this by using the trusted brand in combination with a reverse IP address lookup to place the cars in the fake ads just a little bit too far away from the user's home address. In this carefully calibrated scam, the criminal has everything they need to control the user's action - control of price, control of the desktop, control of the transaction mechanism.

The sad part of this (or happy part, depending on how you look at it) is that there are solutions out there that can mitigate this eBay scam and remove the problem entirely.

Our technology, Authentium VERO, completely prevents these scams from occurring, by ensuring eBay pages are identified as coming from actual eBay web servers (not faked local web servers), and disallowing all other (fake) pages access to the user's web browsing environment.
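One way to express the check described above over browser or proxy records, as an added example (not Authentium VERO's code and not from Symantec's analysis): it flags pages that carry eBay or CarFax branding but were served from a loopback or private address, or from a host outside the brand's domains. The brand domain list, the record layout and the sample log lines are assumptions constructed for this illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: domains a genuine page for each brand named in the post is served from.
BRAND_DOMAINS = {"ebay": ("ebay.com",), "carfax": ("carfax.com",)}

# Loopback, RFC 1918 and link-local ranges; a real auction page never comes from these.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128")]

SAMPLE_LOG = [  # constructed records: (url, address the browser connected to, page title)
    ("http://motors.ebay.com/item/1", "203.0.113.10", "eBay Motors: 2004 Jeep Cherokee"),
    ("http://127.0.0.1:8080/item/1", "127.0.0.1", "eBay Motors: 2004 Jeep Cherokee"),
    ("http://motors.ebay.com/item/2", "127.0.0.1", "eBay Motors: Vehicle details"),
    ("http://ebay.com.example.net/report", "198.51.100.7", "CARFAX Vehicle History Report"),
    ("http://news.example.org/", "192.0.2.44", "Local news"),
]


def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in LOCAL_NETS)


def host_belongs(host, brand):
    """True only for the brand's domain itself or a real subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS[brand])


def classify(url, remote_addr, title):
    host = (urlsplit(url).hostname or "").lower()
    # A page "claims" a brand if the name appears in its hostname or visible title.
    brands = [b for b in BRAND_DOMAINS if b in f"{host} {title}".lower()]
    if not brands:
        return "no-brand"
    if is_local(remote_addr):
        return "local-server"   # branded page served from the user's own machine or LAN
    if not any(host_belongs(host, b) for b in brands):
        return "foreign-host"   # branded page on a host outside the brand's domains
    return "ok"


def scan(records):
    return [(url, classify(url, addr, title)) for url, addr, title in records]


if __name__ == "__main__":
    for url, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:13} {url}")
```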

For an example of how bad this might get, check out this story about how one potential buyer of a Jeep Cherokee lost $8,600 - and was unable to be compensated for her loss, because, according to eBay customer service, "the fraud happened outside of eBay."

Note: Symantec reports that one victim was recently almost scammed out of $10,000 but managed to track the money to its final destination - a Western Union outlet in Greece - and halt the payment.
