Daily cyber threats and internet security news: network security, online safety and latest security alerts
February 23rd, 2009

Google Detects Malware Infection On eBay Solutions Provider

eBay solutions provider suffered a malware attack during the weekend. As a result, the website has been tagged as malicious in Google. The warning “this site may harm your computer” most likely affected hundreds of thousands of customers and their eBay auctions.

Goole Safe Browsing Diagnostic page for shows:

What is the current listing status for

This site is not currently listed as suspicious.

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 129 pages we tested on the site over the past 90 days, 40 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-02-23, and the last time suspicious content was found on this site was on 2009-02-23.

Malicious software includes 44 scripting exploit(s), 21 trojan(s). Successful infection resulted in an average of 11 new processes on the target machine.

Malicious software is hosted on 2 domain(s), including,

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including

This site was hosted on 1 network(s) including AS174 (COGENT).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, appeared to function as an intermediary for the infection of 1 site(s) including

Following the complaints of users who started receiving antivirus software warnings appearing upon visiting, the company took measures to ensure the transparency of the clean-up process which they finalized yesterday.

According to Auctiva’s update log, the engineering team is still investigating this situation but, at this point, it appears the reason these virus alert warnings started showing up is because some of their machines were injected with malware originating in China. The malware has also hit a number of other high profile websites over the past 6 months. The affected machines are no longer available so it is currently safe to navigate the Auctiva website. According to Kevin K. from forums, some webservers to be raken offline due to additional monitoring.

Users who visited the site between Thursday evening and Saturday afternoon at about 2 PM PT, should take precautionary measures, as explained on Auctiva website to ensure that the computers are not infected:

1. Clear your browser cache, delete ALL temporary internet files, and restart your browser.
2. If using a Windows machine, make sure you are updated with all the current Microsoft updates and patches.
3. Make sure you are running some reputable antivirus software (AVG is available for free at and is known to catch this malware)
4. Use the Firefox browser if possible, as it has been shown to be less susceptible to this sort of malware than Internet Explorer.

According to Dancho Danchev post on ZDNet, appears to have been embedded with malware on the 18th of February, several days ahead of the company’s announcement according to affected users. The exploits serving URLs, luckffxi .com and auctlva .com — both domains parked at the same IP — are typical exploits serving sites courtesy of Chinese attackers which despite the fact that several Russian web malware exploitation kits are already localized to Chinese, continue using the same descriptive file structure for the client-side exploits in a manual fashion. For instance luckffxi .com/flash.htm, luckffxi .com/14.htm, luckffxi .com/office.htm, luckffxi .com/real.htm.

Share this item with others:

More on CyberInsecure:
  • Another Cross-Site Scripting Vulnerability On eBay Domain Sites Allows Phishing
  • 5534 Stolen Ebay Logins And Passwords Accidentally Found Online By Security Firm
  • Network Solutions Customers Websites Compromised, Again
  • Free Malware Scanning Service SiteInspector Launched By Comodo
  • Nigerian Spammers – Now In Google Calendar

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Google Detects Malware Infection On eBay Solutions Provider

    One Response to “Google Detects Malware Infection On eBay Solutions Provider”

    1. Robert Green Says:
      February 24th, 2009 at 5:33 pm

      On Thursday, February 19, we discovered the presence of malware on some of the Auctiva servers. This caused Google to flag Auctiva as a dangerous site. Our Systems Engineers identified the location of the malware and immediately began working to isolate the infected servers and take them offline.

      During this process, the site was running on fewer servers and you may have experienced some delays. As of Sunday night, Google rescanned and determined the site to once again be safe.

      However, out of an abundance of caution, we temporarily took offline while we worked to correct security vulnerabilities and eliminate the possibility of further infection. We resolved to only bring the site back online once we were confident we could provide the same high level of safety and security for our customers that we have for the past 10 years.

      In the early morning hours of Tuesday the 24th, we brought back online with a reduced number of servers, and are in the process of adding more to our network to improve site speed.

      During the period the site was offline, Auctiva Checkout, and our users’ scheduled listings, images, templates and scrolling galleries remained available in eBay listings.

      As a company, we strived to handle this issue in a candid, responsive and responsible manner. Updates have been available throughout the course of this issue at and this user forum is where we will continue to inform our users with future news/updates

      Similar attacks have been made on other large Web sites in recent months. Other targets have included:

      * CBS

      Auctiva takes the issue of security very seriously. We temporarily took the site offline while we worked to correct security vulnerabilities and eliminate the possibility of further infection.

      Auctiva is a 10-year old software company comprising several Web sites and products. With more than 80 employees and hundreds of thousands of registered users, Auctiva remains a trusted eBay partner posting millions of eBay listings every month.

      Robert Green – Auctiva Product Manager

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.