Subscribe    RSS Feeds    Twitter            Contact Us   
728_header.jpg (23748 bytes)
 Home   EB Blog   AB Blog   Letters   Podcasts   ABTV   Forums   EPIS   PR Service   Classifieds   EKG   Ratings 
Web Site     
  Rate Services
  Amazon Fee Calculator
  eBay Fee Calculator
  Etsy Fee Calculator
  Auction Calendar
  Collectors' Links
  eBay Promo History
  Bookshelf
  Fraud Resources
  Drop-Off Store Laws
  Payment Holds
  ABTV
  Ecommerce Resources
  Photo Tips
  Marketing Inserts
  Yellow Pages
  Advertising
buyersmarket2aaa2.JPG (7729 bytes)
Julia Wilkinson AuctionBytes Blog
Covering auctions, collectibles and marketplace selling.

Julia Wilkinson is Editor of the AuctionBytes Blog and is author of the "eBay Price Guide," "eBay Top 100 Simplified Tips and Tricks," "My Life at AOL" and numerous ebooks about selling online. You can also find her writing on Yard Salers.
Sun Feb 22 2009 11:08:38

Trojan-Clicker Infects eBay Vendor Auctiva

 By: Ina Steiner
Sponsored Link
Auctiva said it found and quickly fixed a scripting virus that had attached itself to some html and javascript files. The company provides free services to eBay sellers. Users began reporting that they were receiving warnings when visiting the site, and the company confirmed that some of its servers had been infected with the Trojan-Clicker "trojan horse" malware (see Symantec's description here).

Auctiva President Jeff Schlicht said the Trojan-Clicker pops up ads on Asian sites. He believes the malware remains resident in system memory and continuously or regularly attempts to connect to specific websites in order to inflate the visit counters for those specific pages.

He said Auctiva immediately took the infected servers out of rotation, wiped the Operating Software on those servers, and reloaded them and put them back online around 3 pm on Saturday. While the servers were offline, the site ran slower but is now back to normal speed.

Attempting to visit the site continues to result in a pop-up warning, "This web site at www.auctiva.com has been reported as an attack site and has been blocked based on your security preferences." Schlicht said while Google is quick to identify such problems, it's slow to remove the warning after the problem is resolved. "Hopefully we can get that taken care of soon," he said of the Google warnings.

He added, "The safest thing to do for users now is to make sure they have their virus detection turned on and updated to be safe. Of course they should be doing that anyway. We've fixed the issue and been going through every server, around 200, and running detection and haven't found anything."

The site StopBadware.org has resources on removing malware.


Update 2/23/09: The home page of Auctiva currently displays this message:

Notice

Our web site, auctiva.com, was infected by malware on 2/19/09. Since that time we have been working 24/7 to remove the malware from our servers.

During the most recent evaluation of the situation, we determined that the best course of action would be to temporarily take auctiva.com offline. Once we are confident that we have completely removed the malware, we will bring auctiva.com back online.

During this time your Auctiva Checkout, scheduled listings, and images, templates and scrolling gallery in listings on eBay will remain available. However, the supersize images function will not work.

Please visit our Community Forums for on-going updates http://community.auctiva.com/eve/forums/a/frm/f/1081020411.




Comments (50) | Permalink
Readers Comments

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: Pat
       
Sun Feb 22 12:01:44 2009
Thanks for this Ina. I get warning messages everytime I try to go to Auctiva. Google still has "This site may harm your computer." messages on all the Auctiva results...
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: John (ColderICE)
       
Sun Feb 22 12:24:35 2009
Wow, that was so helpful....NOT!!! I can not believe that all they have to say is ''oh yeah, we fixed that''. THOUSAND of sites, auctions and pictures are returning MALWARE dude! This does NOT happen everyday man.

This has been flagged as a malware/trojan  http://bit.ly/yXjsf

WAKE UP cause this has effected the lives of possibly thousands of sellers and all they can say is...''make sure they have their virus detection turned on''?!? WTH? Amazing, absolutely amazing...or maybe it is just me?

John (ColderICE)
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: H@ly Cr@p!
       
Sun Feb 22 12:37:18 2009
I just read this and was going to list today. Does this mean I can't or has Auctiva ridded the trojan form there servers?
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: Rebel
       
Sun Feb 22 12:42:15 2009
Well I know it's a terrible thing, but now you know how eBay affiliates feel!We have been getting ripped off since Auctiva entered the scene.The traffic we send to the sellers sites....that have our affiliate cookies always get overwritten by Auctiva's own affiliate cookies.You didn't know they were also affiliates?Yes they are, and they steal from regular affiliates everyday!You wouldn't expect them to provide a image service for free...would you?Nope!The eBay affiliate is paying for that!If I was a seller, I would ditch them now, as it's going to get worse...I guarentee you!Their are already organzations building strong cases against Auctiva at this very moment and it shall come to a head very soon!
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: Lonster
       
Sun Feb 22 12:43:11 2009
I'm sure this isn't breaking eBay's heart. Auctiva just launched their own stores apart from eBay
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: Lisa
       
Sun Feb 22 12:47:41 2009
It is probably no coincidence this attack happened just as auctiva was launching their own e-commerce site.

Unfortunately, by giving their own users the runaround and not being straight up with them (there is more truthful information posted here than posted by auctiva staff anywhere on their entire message boards), their credibility with potential paying customers is at stake.
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: dcsbodyjewelry
       
Sun Feb 22 13:06:07 2009
Auctiva definitely isnt being straightforward with it's users, and for that reason I will no longer user auctiva's services and will close my new auctiva commerce store. This is B.S. that since all this evolved, NOT once has auctiva staff gone public with it's user base and informed them of the potential consequenses are if they continue using their templates and image hosting services.  

Internet Explorer is the only browser I've found that doesnt alert the viewer of malicious software problems. Anyone attempting to view an auctiva users listing using firefox, google chrome and other browser types clicking on images immediately get a big  windows alert message pop up warning viewer of malicious software and blocks the viewer instantly.


Until google and firefox areconvinced Auctiva is virus and malware free.....they will continue to block and warn everyone that views an auctiva listing whether it be on ebay or auctiva store.  

Auctiva staff has the responsibility to it's users to point these TRUTHS out, but as of this time, auctiva has skirted the problem for 3 days now.
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: frustrated
       
Sun Feb 22 13:25:51 2009
This story would have been helpful 2 days ago. It's a bit late and more than a bit thin.

Auctiva bungled this from the get-go.

I'm glad I don't have a store with Auctiva that showed as an attack site in google search results. I'm sure those customers won't ever come back.
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: JLR
       
Sun Feb 22 15:31:40 2009
So I ignored the warnings, launched IE7 and decided to go to the Auctiva website. IE7 crashed, or seemed to have crashed on loading the Auctiva website. Next thing I know, my computer is infected with unknown processes, Norton found a trojan it can't remove, and after running Adaware, ComboFix, and Spybot, I still have random popups and scvhost.sys crashes randomly.

Stay away from Auctiva... they should have taken down the entire site at the first sign of the hack and not allowed other users such as myself to get infected. I'm now looking at a total os rebuild.
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: MsFish213
       
Sun Feb 22 15:37:47 2009
I was on the site Friday, Saturday and today...ran scans after, did not have anything abnormal showing in my scans-no viruses, no trojans, no malware.  It was only on certain servers. I will continue to use their service.  I would imagine this would make them even safer going forward, since I am sure they do not want a repeat of this fiasco.    
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: 117995
       
Sun Feb 22 16:32:37 2009
Yep, and lucky me have been using it for the last couple of days.

I checked my ebay listing, and a warning pops up when clicking photos. Yeah, that will sure help with sales. Switched to Firefox to check.

Yesterday they had warnings on site stating it would be slow due to their pulling servers for emergency repairs-nothing about infected servers.

Should we be totally convinced the servers are clean?

I agree with Lisa that "It is probably no coincidence this attack happened just as auctiva was launching their own e-commerce site."




Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: Janine
       
Sun Feb 22 16:47:45 2009
I got an Auctiva Commerce store about 3 weeks ago. Funny thing is, I haven't done anything with my store yet out of fear something like this might happen, the closer Auctiva would get to going public with the Commerce stores.
I signed up early to lock in the lower membership fee but, like I said, something told me not to rush the experience.

I know a lot of you are ticked off at Auctiva and I am aware of the reasons why. But, I'm more pissed off at the people who did this to Auctiva; people that obviously have nothing better to do with their time than screw someone over. What a bunch of tards.
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: 778373
       
Sun Feb 22 16:52:10 2009
BTW
By stating I agree with Lisa "that it's probably no coincidence" I am not saying who or why this happened.

eBay users will also be infected as many listers use Auctivia.

Should both Auctivia and eBay alert the buyers or close down the site? Many here seem to think so. What about the sellers who list through both sites, should our paid listings be pulled?
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: john
       
Sun Feb 22 17:44:16 2009
Like the user above, I was on the site, uploading photos, did a few auctions on saturday and next reboot, had all sorts of new processes and crashes. Soxpeca.exe, and about 4 other processes, svchost.exe crashes, memory crashes and combofix finds but can't rid the trojan. I am also looking at a complete OS reinstall. This machine was perfect prior.
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: della and the dealer
       
Sun Feb 22 17:48:23 2009
Auctiva Mike D. still has a post up suggesting that you should turn off ''warn me if this is listed as an attack site'' if you use Firefox.  
-quote-
Update - If you are using the Firefox browser and are unable to use your account because you are receiving a warning stating the Auctiva is an ''attack site'', you should be able to workaround it by selecting ''Options'' from the ''Tools'' menu and disabling the ''tell me if the site I’m visiting is a suspected attack site'' setting under the ''Security'' tab.
-quote-

Someone might want to give Auctiva a clue here.
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: mimi
       
Sun Feb 22 17:53:05 2009
Well, I was going to do some eBay shopping today - forget it! So many thousands of sellers use Auctiva - what a major disaster. Someone from eBay needs to post something in the announcement section. So much for all those people begging for the new Auctiva Stores. I wouldn't get near them now! Forget shopping today (or listing) - what a cluster!
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: Annie
       
Sun Feb 22 17:55:19 2009
Auctiva is wrong with claiming that they are in control of this situation.  This started Thursday, and everytime I was on the site I was getting warnings.  Know they don't want to admit that they got hacked, but they have an obligation to their users to notify them, and not act like it is no big deal.  3 people I know have lost their computers since Thursday.  Coincidence or just bad luck?  All three use Auctiva!

As for their Ecommerce site starting up, glad I didn't buy into it.  Reason being, don't even know if it is going to be worthwhile.  Just like the idiotic website that Auctiva was selling and they were only good on Auctiva.

Love the features of Auctiva, but not worth being compromised with my computer.
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: Kjel Varndsen
       
Sun Feb 22 18:07:44 2009
Fortunately, I am not an Auctiva (or an IE) user, and keep my security settings high and my AV up-to-date.

This is the latest message I get from Google:
http://www.google.com/safebrowsing/diagnostic?site=http://w
ww.auctiva.com/&hl=en

Of the 49 pages we tested on the site over the past 90 days, 5 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-02-22, and the last time suspicious content was found on this site was on 2009-02-21.
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: McFiver
       
Sun Feb 22 18:08:27 2009
Thanks for the updates.  After double scanning for virus & malware on my system, I did as Auctiva suggested (disabled my Firefox tools/options/warn attach sites tab) and all went well last night and today. Presently 4:00 Arizona time, the site has bogged down...seems simply overloaded, sluggish and just plain fried.

Regarding the Auctiva infection, there are 2 issues disturbing to me:  One is the coincidence in timing of this attack, with Auctiva trying to offer an economic alternative to eBay and Two, that Google can fry access to any site at will without any review whatsoever. The block was total on my Firefox browser yesterday, even when I clicked through the warnings.  
Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva
by: eBuyer Feedback
       
Sun Feb 22 19:07:09 2009
I use Linux so I was able to click on Auctiva images with reckless abandon.
Click to view more comments
1 2 3  [Next Page]


Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page.

Login for AB Verify
Be sure and use your email address and password to log in.
 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.
 AB Blog Recent Posts 
 EB Blog Recent Posts 
 AB Blog Recent Comments 


Subscribe in a reader

Archives
 
About Us      Privacy Policy & Terms      Link to Us      Partners      Our Writers      Write for Us      Press        Site Index

Copyright 1999-. Steiner Associates LLC. All rights reserved.
 




Powered by Perl Web Blog
© 2005/2013 Ranson's Scripts