In an advisory published today, Red Condor said that a phishing email sent by scammers, posing as an eBay security alert, differs from conventional phishing emails. This one tells victims that they must download a Security Shield program, which is in fact a trojan that harvests their passwords and presumably carries out other malicious activities on their machines.
Traditionally, phishing email relies on victims entering information about their accounts on spoof websites designed to look like the targeted company's genuine site. However, this mail directs victims to a web page containing a Download Now button to download software that directly compromises their machine.
This constitutes a blended threat, according to Red Condor. It is similar in concept to a recent attack on Facebook users, which asked them to download a piece of software that would help them reset their password.
However, this phishing attack differs in that it uses a compromised server within eBay's domain to host the software download button, Red Condor said.
"The scammers have exploited an 'About Me' page of a compromised eBay account to host the Trojan," said Tom Steding, president and CEO of Red Condor.
According to the email security company, very few antivirus engines have detected the malware targeting eBay. When it first discovered the campaign on Saturday, only five antivirus engines recognized the malicious software. Four days later, only seven antivirus products were identifying the downloadable executable as malicious.