eBay’s Daily Deal is Now A Malware Victim from the Auctiva Trojan

colderice
Written by John
Last Updated February 22, 2009

Dammit, now this is where the sh*t hits the fan for me. Just when I think it is over, they suck me back in.

I am sorry but this needs to get someone’s attention both at eBay and Auctiva! NOW, Please. When it was just buried in some of the auctions, that is one thing, but when it is the DEAL OF THE DAY!!!

When I click on the Tritton AX on the right, I get the malware notice using Google Chrome browser. Some say they are not seeing this in IE browsers. Chime in and let me know if you see it too?

Am I the ONLY one who works on Sunday? WTF is going on people!!!! LET’s wake up and do something man. Fabulous JUST FREAKING FABULOUS!!! I am seeing the repercussion moving far beyond just a few eBay sellers. If you work at eBay CHANGE THIS NOW, Please!!!

  • To be clear regarding Lisa's comments, Bonanzle is NOT affected in the sense that any malware has been detected in any of our listings, forums, or anywhere else on site. However, if one were to leave our site and visit Auctiva (for instance, by clicking on an Auctiva image), then (depending on their browser) they would get the Auctiva malware warning.

    I may have more sympathy for Auctiva than most, since I know how extremely difficult it can be to keep a site free of the thousands of different security threats out on the web. And in the case of Auctiva, chances are they didn't even *know* they had been compromised until they Googled their name one day and saw the Google message. And now they've got a regular brouhaha on their hands. Sucks to be them.

    From my experience, there are two main attack vectors that get exploited to cause 95% of these types of break-ins. The first is leaving one's site vulnerable to XSS attacks (http://en.wikipedia.org/wiki/Cross-site_scripting) by having insufficient filtering of potentially malicious JavaScript in item listings. If I were to guess, I would imagine that was what bit Auctiva. eBay's HTML filter is extremely permissive, since they've had the resources to tweak it for years to ensure that it allows every possible good HTML element through and no bad ones. Bonanzle's HTML filter is very strict, which means we often get annoyed sellers telling us that HTML elements imported from eBay don't work at Bonanzle, but it's the price we pay to ensure that we are as immune as possible to a potential XSS attack.

    The other vector of attack is running one's server on Windows with ASP, where the systems are much more complex, and thus have historically had a greater number of vulnerabilities. Bonanzle runs on Linux with open source software that is simple and transparent, so very unlikely to be vulnerable to a direct attack on the system.

    I hope that Google gets a chance to verify Auctiva's fix soon -- it's a really rotten position they've been put in.
  • Lisa
    Hey James,

    Bonanzle is affected too. I just found your forums. All those eBay uploads you have been promoting have affected Bonanzle as well.
  • Dave
    Hey John,

    I get the error with Chrome, but not with IE 7. Enjoy your blog. Thanks!

    Dave
  • Hello colderice. Please see your e-mails. I have sent over some e-mails from Feb. 8th, when I first noticed and reported issues. It just seems to me that this may be the same thing from as long if not longer from when I first started to get warnings when viewing imported eBay listings, as well as the warnings on the eBay site.
  • James
    You Sir without a Doubt are Top Notch. Consider me a Member now and forgive the Picture. It's the most recent one I have. I have my ears cropped now and had a Jaw lift.
  • Delete it? Heck no...I am an evangelist of self promotion...Thank you for the invite. Long as it is NOT spammy, they are welcome.
  • James
    Well Shameless as it is eBay has more Problems than just Auctiva now. Plus with the upcoming changes they have coming promoting a sure thing seems good. By the way Thanks for not deleting the comments. You too are welcome to stop by. We do not take names or even email addresses for that matter.
  • Never miss an opportunity for a shameless self promotion, LMAO
  • James
    While you are at Bonanzle stop in and say hello to me.

    http://www.bonanzle.com/booths/HereUntilSold
  • James
    For those of you who may be interested there is an option to eBay. Since Thousands of sellers have left eBay for a better solution there is www.bonanzle.com Growing at an incredible pace. Nearly 33,000 members Strong and 1.4 million listings now and growing by leaps and Bounds every day. They offer Live Chat, No Listing Fees, Free Store or Both and a FVF so small you can barely see it. Plus you do not even have to be a Member to buy there. You will be signed in as a Guest and you can Complete your Purchase using Google Checkout, Money Orders or if you need to the eBay owned Paypal. You will have more choices than eBay has ever or ever will offer their buyers. Drop by, say Hello. Pull up a chair and stay. You will be Welcomed from the first time you are there.