 Mattie_B
join:2008-05-16
| Malware alert from eBay using avast?
I was rather shocked when this alert popped up from searching eBay. Just figured I'd post it up and see if anyone else is getting messages like this from their virus software. I'd never expect a site as large as eBay to have malware!
|
|
  Blue2 Premium join:2004-04-14 France
| Well, I have NOT seen an alert like that before, and when I do the same search ("modern warfare 2 prestige edition"), I get no alert from KAV. But my search result may be different than yours.
However, if you google the malware alert item that Avast indicated, you'll find this answer to your question:
Malware showing up in eBay today JS:Pdfka-OE »forums.ebay.com/db2/topic/Trust-···10141257
That was posted on the ebay forums 6 days ago, so they don't seem very proactive, and their "largeness" tends to make them lethargic.
More here: »blogs.myspace.com/index.cfm?fuse···13369202
It looks like your AV is doing its job. That second link explains how the exploit works and as it's labeled "js", I assume it is javascript based, and as I'm using FF with NoScript, that exploit was probably prevented from running. |
|
 Mattie_B
join:2008-05-16 | Well thanks for that information. I was just really shocked when I got the alert in the first place. And to learn that eBay is aware of the security problem and has done nothing makes me rather annoyed. |
|
  Pinan Hypnotic Tweaker ExMod 2000-03 join:2000-09-02 Murrieta, CA
| It's just a false positive:
"Our development team has been able to determine that the page is returning a false positive to the antivirus program. The page is safe. Please update your virus permissions for the program and this issue should no longer occur.
Thanks, Garnor"
On page two. |
|
  Blue2 Premium join:2004-04-14 France
| reply to Mattie_B I'm not buying the false positive explanation yet, nor are some other users. From further down in that same thread:
"And to make the situation even better, Avast Anti-Virus Pro caught this just a few minutes ago:
Link
And since it's auto changing this to a hidden link, here's the link with spaces to let people know what to avoid:
h p ; | | include . ebaystatic . com / v4js / en_US / e637 / Finding_Common_e63710150401_6b_en_US . js
Seems this embedded link infected the following directory below with an "HTML:Script-inf" Exploit/Virus:
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\********.default\bookmarkbackups
(I changed the original name to *'s)
Oh, but wait, it's just a False-Positive... Right? "
It MAY be a false positive, but the way ebay treats these issues with simplistic answers is NOT the way a real security team would investigate this. |
|
  Pinan Hypnotic Tweaker ExMod 2000-03 join:2000-09-02 Murrieta, CA
1 edit | Those posts were from over a month ago though. No activity since. ?
I use Avast and get no warnings on Ebay.
~~ Actually, the last post is from 10/22. But still. There are very few posts at all, considering the size/popularity of Ebay. I'm going with FP. |
|
  Blue2 Premium join:2004-04-14 France
| reply to Mattie_B Well, the fact that it is a month old doesn't tell me anything. I wouldn't count on ebay to do anything quickly. They never do.
If it is a js exploit, I imagine that you won't see it if you're using FF and Noscript for example. You also may not have come up with the same search results she did.
Mattie_B, can you check the date on your virus definitions? I'm assuming that it was updated within the past 30 days (!), and if so, why would you get a false positive on something noted a month ago and presumably promptly corrected with a definition update? |
|
 Mattie_B
join:2008-05-16
| Actually my virus definitions were last updated on 9-25-2009. I just updated to the latest set of virus definitions and tried accessing the same page again. I didn't get any type of alerts this time around. It just seems weird though, you wouldn't think you'd even get a false-positive from a trusted site like that. I'm running a virus scan now to see if anything else is infected but I'm pretty sure my system is clean. |
|
  Blue2 Premium join:2004-04-14 France
| reply to Mattie_B Well, then that is your problem.
Running an AV without updated definitions is equivalent to NOT having an AV.
So before you ask others here to solve another issue, you need to take reasonable precautions. Start here:
»Security »How to Secure (and Keep Secure) My (New) Computer(s): A Layered Approach: |
|
  Pinan Hypnotic Tweaker ExMod 2000-03 join:2000-09-02 Murrieta, CA
| said by Blue2: "Running an AV without updated definitions is equivalent to NOT having an AV."
Huge thumbs up. |
|