Auctiva, a third-party developer that provides free tools for half a million eBay sellers, became infected with the Trojan-Clicker "trojan horse" malware (see Symantec's description of the trojan here). Auctiva President Jeff Schlicht said the company found and quickly fixed the scripting virus that had attached itself to a few html and javascript files.
Auctiva immediately took the infected servers out of rotation, wiped the Operating Software on those servers, and reloaded them and put them back online around 3 pm on Saturday, according to Schlicht.
However, users attempting to visit the site continued to receive a pop-up warning as late as Sunday evening. The advisory was issued by Google, which must review the site before it will remove the warning. As a result, some sellers who use Auctiva Checkout are reporting that buyers are unable to pay for items. There was no announcement about the issue from eBay as of Sunday evening.
Auctiva confirmed that they posted the following message on the company's community boards earlier in the day on Sunday:
Hi Community,
Update - Our engineering team is still investigating this situation but, at this point, it appears the reason these virus alert warnings started showing up on our site is because some of our machines were injected with malware originating in China. The malware we believe to be at fault has also hit a number of other high profile websites over the past 6 months.
If our current suspicions about what happened are correct, we know some things we can do to prevent this from happening again, but some additional investigation will be required before we reach a conclusive determination.
The affected machines are no longer in our rotation so it is currently safe to navigate the Auctiva website, however, if you did visit our site between Thursday evening and Saturday afternoon at about 2 PM PT, as a precautionary measure, we recommend taking the following actions to ensure that your computers are not infected:
1) Clear your browser cache, delete ALL temporary internet files, and restart your browser.
2) If using a Windows machine, make sure you are updated with all the current Microsoft updates and patches.
3) Make sure you are running some reputable antivirus software (AVG is available for free at http://free.avg.com and is known to catch this malware)
4) Use the Firefox browser if possible, as it has been shown to be less susceptible to this sort of malware than Internet Explorer.
Comment on the AuctionBytes Blog
