Trojan Infects eBay Third-Party Developer Auctiva

Home

EB Blog

AB Blog

Letters

Podcasts

ABTV

Forums

EPIS

PR Service

Classifieds

Ecommerce EKG

Service Ratings

Auction Sites

FP Marketplaces

Inventory Management

Payment Services

Storefronts & Carts

Sniping Services

Wholesale/Dropshipping

Email List Hosting

Consignment Services

Ecommerce EKG

Auction Calendar

Collectors' Links

eBay Promo History

Bookshelf

Fraud Resources

Drop-Off Store Laws

ABTV

Ecommerce Resources

Photo Tips

Marketing Inserts

Yellow Pages

Advertising

EcommerceBytes-NewsFlash, Number 1983 - February 23, 2009 - ISSN 1539-5065 | Next

Trojan Infects eBay Third-Party Developer Auctiva
By Ina Steiner
EcommerceBytes.com
February 23, 2009

Auctiva, a third-party developer that provides free tools for half a million eBay sellers, became infected with the Trojan-Clicker "trojan horse" malware (see Symantec's description of the trojan here). Auctiva President Jeff Schlicht said the company found and quickly fixed the scripting virus that had attached itself to a few html and javascript files.

Auctiva immediately took the infected servers out of rotation, wiped the Operating Software on those servers, and reloaded them and put them back online around 3 pm on Saturday, according to Schlicht.

However, users attempting to visit the site continued to receive a pop-up warning as late as Sunday evening. The advisory was issued by Google, which must review the site before it will remove the warning. As a result, some sellers who use Auctiva Checkout are reporting that buyers are unable to pay for items. There was no announcement about the issue from eBay as of Sunday evening.

Auctiva confirmed that they posted the following message on the company's community boards earlier in the day on Sunday:

Hi Community,
Update - Our engineering team is still investigating this situation but, at this point, it appears the reason these virus alert warnings started showing up on our site is because some of our machines were injected with malware originating in China. The malware we believe to be at fault has also hit a number of other high profile websites over the past 6 months.

If our current suspicions about what happened are correct, we know some things we can do to prevent this from happening again, but some additional investigation will be required before we reach a conclusive determination.

The affected machines are no longer in our rotation so it is currently safe to navigate the Auctiva website, however, if you did visit our site between Thursday evening and Saturday afternoon at about 2 PM PT, as a precautionary measure, we recommend taking the following actions to ensure that your computers are not infected:

1) Clear your browser cache, delete ALL temporary internet files, and restart your browser.
2) If using a Windows machine, make sure you are updated with all the current Microsoft updates and patches.
3) Make sure you are running some reputable antivirus software (AVG is available for free at http://free.avg.com and is known to catch this malware)
4) Use the Firefox browser if possible, as it has been shown to be less susceptible to this sort of malware than Internet Explorer.

Comment on the AuctionBytes Blog

You may quote up to 50 words of any article on the condition that you attribute the article to EcommerceBytes.com and either link to the original article or to www.EcommerceBytes.com.
All other use is prohibited.

Email this story to a friend.

| Next

EcommerceBytes Blog

AuctionBytes Blog

Letters to the Editor