Mutant of Feebs Trojan uses elaborate eBay fraud

By Derek Sooman on February 8, 2006, 8:09 PM
Internet users are being warned against a new variant of the Feebs Trojan, which tries to trick users utilising an elaborate eBay fraud.

Security firm Aladdin, which identifies the new variant as JS.Feebs, notes that when the malware executed by an unwitting recipient its displays fake loading screens that looks like several popular search engines. This is followed by a false error message stating that there was no available connection. The scripts do this to mask their own activities which sometimes include disabling the system's antivirus and other security-related products as well as executing other malicious code.
This attack uses a modified HOSTS file to override the default DNS servers, allowing users' internet browsers to receive one address and lead to another. When users try to access eBay, for example, they are then unwillingly and unwittingly directed to a false site instead. No longer are such scams dependant on badly written phishing mails with suspicious links to do their work Ė the modified HOSTS file is all that is required.

"We see this new fraud attempt as an illustration of the growing presence of dangerous phishing scams," said Shimon Gruper, vice president of technologies for the Aladdin eSafe Business Unit.

"Although web attacks are more difficult to measure than email-related attacks, we expect this JS.Feebs variant to have a significant impact for infected users, as their browser no longer indicates they are visiting a phishing site. Thus, users are even more likely to provide their personal data, which then lands in the wrong hands."

User Comments: 7

Got something to say? Post a comment
djleyo said:
another one!!1 man the bad thing that this trojan uses a great way to get in to the computer and hide itself changing the dns servers too bad for people that dont read what their clicking on READ BEFORE YOU CLICK thats my advice
AeonXX said:
This sounds nasty, but there are other eBay scams you should be aware of. Itís rarely a good idea to buy items that youíve located on eBay through e-mail. If you decide to do that, at least look up their e-mail address in Google (preferably with the word Ďscamí attached), and scan a web site like this one for the sellerís e-mail address: [url][/url]. I was thinking of buying a Ferrari laptop, but when I searched for their e-mail address in Google, they were listed in a scammers database. Some people arenít so fortunate.
cyrax said:
Ouch! Thats one very dangerous scam. Its tough to tell which one is the real one when these switch severs so quickly. Scammers will be the death of ecommerce.
Need_a_Dell said:
People really have to be careful when they're on the internet, especially when they are purchasing something. Something like this could really harm their computer, and their bank accounts. Identity theft is a rising problem in today's society, and it seems that more and more people are becoming victim of phishing. Looks like Panda is going to be getting more business in the future!
Race said:
Regardless, it still has to be transmitted through an email or malicious web site.It's also a good idea to monitor your HOSTS file for changes, if you have one.
MonkeyMan said:
This is really serious. This makes me not even want to shop on ebay!!!!!!! Man, these hackers are relentless!!!! just be careful everyone, because you could get your entire bank account cleaned out with this new trojan. Firewall powa away!!!!!!!
Vaulden said:
People definitely need to pay attention to what they click on. Also making the HOSTS files read-only unless necessary is a practice I have been following for years.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.