eBay plug-in Auctiva hit by virus
By John Lister
A third-party program designed to make eBay easier to use has been hit by a Trojan virus. The developers behind Auctiva have urged users to switch to browsers such as Firefox rather than Internet Explorer.
Auctiva is a set of tools for speeding up the time it takes to list items on eBay as well as making listings more eye-catching. The software first appeared a decade ago and has been a Web-based package since 2005.
The virus is a variant on the Trojan-clicker virus. It doesn’t damage a computer as such, but does use infected machines to send requests which simulate clicking on an advert, thus boosting pay-per-click revenues for the sites hosting the ads. Having thousands (or more) infected machines do this means the clicks mount up without triggering suspicion in the same way that clicking multiple times from a single machine can do.
It appears the virus found its way from a Chinese source to some of the servers for the Auctiva Web site. The firm has taken the infected machines out of action and says its site is now safe. It doesn’t appear the virus affected people using Auctiva’s tools themselves, just the Web site.
The firm says anyone who used the site between Thursday evening and Saturday afternoon (West coast US time) should delete all temporary internet files, clear their browser cache and restart their browsers. It adds “Use the Firefox browser if possible, as it has been shown to be less susceptible to this sort of malware than Internet Explorer.” Most credible anti-virus programs should detect and remove the virus.
Users attempting to reach the Auctiva site through Google were unable to do so until either late yesterday or early today depending on their location. That’s because the site remained listed as infected in the StopBadware.org database Google uses to block infected Web sites.
Related:
Entry was posted
on Monday, February 23rd, 2009 at 3:11 pm
under
Read more entries by John Lister.
Stumble It!
February 23rd, 2009
Hi
Just to let you know, I was looking for an update and thought that I’d better let you know that when accessing the Auctiva website this morning 23/03/2009 (England) Zonealarm found the Trojan-Click Virus. They obviously still have it
Kind Regards
J
February 24th, 2009
I would like to give a current status update on this issue and a bit more on what occurred late last week.
We discovered the presence of malware on a few of the Auctiva.com servers on February 19th. This caused Google to flag Auctiva as a dangerous site. Our Systems Engineers identified the location of the malware and immediately took the infected servers offline. We worked to correct security vulnerabilities and eliminate the possibility of further infection. We resolved to only bring the site back online once we were confident we could provide the same high level of safety and security for our customers that we have for the past 10 years.
In the early morning hours of Tuesday the 24th, we brought Auctiva.com back online with a reduced number of servers, and are in the process of adding more to our network to improve site speed.
Facts:
• Auctiva is a 10-year old software company comprising several Web sites and products. With more than 80 employees and hundreds of thousands of registered users, Auctiva remains a trusted eBay partner posting millions of eBay listings every month.
• Auctiva takes the issue of security very seriously. We temporarily took the site offline while we worked to correct security vulnerabilities and eliminate the possibility of further infection. We committed to only bring the site back up once we were confident we could provide a high level of confidence in the safety and security of our site for our users.
• As a company, we strived to handle this issue in a candid, responsive and responsible manner. Updates have been available throughout the course of this issue at http://community.auctiva.com/eve/forums/a/frm/f/1081020411 and this user forum is where we will continue to inform our users with future news/updates.
• Throughout this process, users’ listings, images, templates and scrolling galleries remained available.
• eBay Security Teams are helping Auctiva to ensure the strictest level of safety and security on Auctiva.com. eBay has been closely working with us on this matter to thoroughly ensure users are not affected by this sort of malware intrusion again.
• Existing Threat? After the threat was identified late last week, we took the appropriate and responsible corrective action. Normal operation has since been restored and there is no risk to users visiting any portion of the Auctiva.com site.
If there’s a concern about the security of our forums: Our discussion forums were always safe to visit. The forums (http://community.auctiva.com/eve/forums/a/frm/f/1081020411) are hosted on different servers than Auctiva.com and were never compromised.
Similar attacks have been made on other large Web sites recently that used the same methodology for malicious code injection. Other targets have included:
• CBS (http://www.pcworld.idg.com.au/article/269283/cbs_website_bitten_by_iframe_hack?fp=512&fpid=1871683061&rid=1)
• Monster.com (http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9048019)
I would be happy to answer any questions or clarifications you may have. Auctiva considers this matter our top priority and would like to ensure our user base, and the public at large, that we are, and will remain, a trusted eBay partner.
Daniel J. Buchner
Product Manager
Auctiva Corp.
February 25th, 2009
This would be to Daniel Buchner from Auctiva…
You said, “as a company, we strived to handle this issue in a candid, responsive and responsible manner.”
Umm, really? The advice to people to change their security settings so that they could go in and navigate the Auctiva website. That was good advice??????????????????????
Then, giving the all clear, because Google had cleared Auctiva, only to STILL have trojans that ended up in the site going offline until fixed, BUT leaving listings, scrolling galleries etc still running.That was responsible?????????????
Oh the site was still infected, so we took it offline, but lets leave our customers pics, listings & scrolling galleries in place, DUH! You covered your sorry a$$ and didn’t give 2 hoots for the sellers who had Auctiva listings in place during all of this.
There is a large lot of sellers and buyers alike on eBay discussion boards that were, let me repeat, WERE infected. Some cannot even bring their pc’s up now. They seemed to have crashed for good.
Buyers are going to remember that what infected their pc was clicking on a picture in a sellers listing that was hosted by Auctiva. A lot of buyers will now turn away from any listing that uses Auctiva.
As a seller, and a (soon to be former) Auctiva customer, you have lost my business and a lot of others.
I feel bad for the people who are now dealing with crashed computers and no money to fix them or replace them or that rely on their pc to earn a supplemental income on eBay!
You can read more here:
http://forums.ebay.com/db2/topic/Seller-Central/Auctiva-Malicious-Software/520092591
July 6th, 2009
my computer is seriouslyu affected–resulting in multiple listings of my auctions rather than just one. and it does not do it all at once. i have spent hours removing ramdom listings of my listings. i finally realized it was my laptop and not desk top–a few days ago. so i am able to list on one computer without this happening.