Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    If you have ever bought or sold anything on eBay, you pretty much know how important the seller ratings are. The general rating system is based on a one- to five-star scale and is determined by people you have done transactions with. As customary, five stars is the highest and one star is the lowest. With the condition of conducting business anonymously, the buyer can only depend on these ratings to take that leap of faith of sending his hard-earned money to that total stranger probably sitting halfway across the globe.

    Though eBay sites offer practical and legit tips on how to boost one’s seller ratings, it is not surprising that scheming sellers still want to find an easy albeit unfair way of taking advantage of this rating system. After all, more stars virtually spell more sales.

    The Register recently reported a scripting trick employed by malicious sellers at, purportedly to boost their own seller ratings. An auction for a 2007 Range Rover Sport HSE, a four-wheel drive car usually valued at around 40,000 pounds, offers the vehicle at a curiously low amount of only 12,000 pounds. Apparently, the seller indicated on the main page (an online jewelry seller) has a “PowerSeller” status — meaning he/she has met certain standards from eBay including average sales requirements and of course, the all-important honesty and timeliness.

    Picking on the natural interest of people, particularly of eBay customers, for anything that appears to be a bargain, clicking on the auction brings the user to what appears to be a regular item page. The first sign that something is fishy? A suspicious pop-up coming from a page in Russia.

    Further analysis later on showed that this apparently regular page from eBay contains an embedded tag pointing to a Shockwave file, which in turn redirects the user to an .ASPX page in Russia. Down further on its root are two other .ASPX pages linking to already completed vehicle auctions. So just when buyers think they are dealing with a reputable seller, they are actually blindingly doing business with sellers they can’t even identify.

    Currently, we can only guess if this curious script serves other purposes than boosting those seller ratings. Trend Micro is of course doing its own investigation of the dubious files. Updates will be posted on this blog as soon as more information is available.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice