AuctionBytes Blog
Covering auctions, collectibles and marketplace selling.

AuctionBytes Blog The AuctionBytes Blog has been giving a voice to online merchants since its launch in 2005. Named one of the world's top 30 blogs in 2008 by "Blogging Heroes." Weigh in with your thoughts on the joys and pitfalls of selling online.
Sun Feb 22 2009 11:08:38

Trojan-Clicker Infects eBay Vendor Auctiva

By: Ina Steiner

Sponsored Link

Auctiva said it found and quickly fixed a scripting virus that had attached itself to some html and javascript files. The company provides free services to eBay sellers. Users began reporting that they were receiving warnings when visiting the site, and the company confirmed that some of its servers had been infected with the Trojan-Clicker "trojan horse" malware (see Symantec's description here).

Auctiva President Jeff Schlicht said the Trojan-Clicker pops up ads on Asian sites. He believes the malware remains resident in system memory and continuously or regularly attempts to connect to specific websites in order to inflate the visit counters for those specific pages.

He said Auctiva immediately took the infected servers out of rotation, wiped the Operating Software on those servers, and reloaded them and put them back online around 3 pm on Saturday. While the servers were offline, the site ran slower but is now back to normal speed.

Attempting to visit the site continues to result in a pop-up warning, "This web site at www.auctiva.com has been reported as an attack site and has been blocked based on your security preferences." Schlicht said while Google is quick to identify such problems, it's slow to remove the warning after the problem is resolved. "Hopefully we can get that taken care of soon," he said of the Google warnings.

He added, "The safest thing to do for users now is to make sure they have their virus detection turned on and updated to be safe. Of course they should be doing that anyway. We've fixed the issue and been going through every server, around 200, and running detection and haven't found anything."

The site StopBadware.org has resources on removing malware.



Update 2/23/09: The home page of Auctiva currently displays this message:

Notice

Our web site, auctiva.com, was infected by malware on 2/19/09. Since that time we have been working 24/7 to remove the malware from our servers.

During the most recent evaluation of the situation, we determined that the best course of action would be to temporarily take auctiva.com offline. Once we are confident that we have completely removed the malware, we will bring auctiva.com back online.

During this time your Auctiva Checkout, scheduled listings, and images, templates and scrolling gallery in listings on eBay will remain available. However, the supersize images function will not work.

Please visit our Community Forums for on-going updates http://community.auctiva.com/eve/forums/a/frm/f/1081020411.




Comments (50) | Permalink

Readers Comments

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: Pat

Sun Feb 22 12:01:44 2009

Thanks for this Ina. I get warning messages everytime I try to go to Auctiva. Google still has "This site may harm your computer." messages on all the Auctiva results...

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: John (ColderICE)

Sun Feb 22 12:24:35 2009

Wow, that was so helpful....NOT!!! I can not believe that all they have to say is ''oh yeah, we fixed that''. THOUSAND of sites, auctions and pictures are returning MALWARE dude! This does NOT happen everyday man.

This has been flagged as a malware/trojan  http://bit.ly/yXjsf

WAKE UP cause this has effected the lives of possibly thousands of sellers and all they can say is...''make sure they have their virus detection turned on''?!? WTH? Amazing, absolutely amazing...or maybe it is just me?

John (ColderICE)

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: H@ly Cr@p!

Sun Feb 22 12:37:18 2009

I just read this and was going to list today. Does this mean I can't or has Auctiva ridded the trojan form there servers?

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: Rebel

Sun Feb 22 12:42:15 2009

Well I know it's a terrible thing, but now you know how eBay affiliates feel!We have been getting ripped off since Auctiva entered the scene.The traffic we send to the sellers sites....that have our affiliate cookies always get overwritten by Auctiva's own affiliate cookies.You didn't know they were also affiliates?Yes they are, and they steal from regular affiliates everyday!You wouldn't expect them to provide a image service for free...would you?Nope!The eBay affiliate is paying for that!If I was a seller, I would ditch them now, as it's going to get worse...I guarentee you!Their are already organzations building strong cases against Auctiva at this very moment and it shall come to a head very soon!

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: Lonster

Sun Feb 22 12:43:11 2009

I'm sure this isn't breaking eBay's heart. Auctiva just launched their own stores apart from eBay

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: Lisa

Sun Feb 22 12:47:41 2009

It is probably no coincidence this attack happened just as auctiva was launching their own e-commerce site.

Unfortunately, by giving their own users the runaround and not being straight up with them (there is more truthful information posted here than posted by auctiva staff anywhere on their entire message boards), their credibility with potential paying customers is at stake.

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: dcsbodyjewelry

Sun Feb 22 13:06:07 2009

Auctiva definitely isnt being straightforward with it's users, and for that reason I will no longer user auctiva's services and will close my new auctiva commerce store. This is B.S. that since all this evolved, NOT once has auctiva staff gone public with it's user base and informed them of the potential consequenses are if they continue using their templates and image hosting services.  

Internet Explorer is the only browser I've found that doesnt alert the viewer of malicious software problems. Anyone attempting to view an auctiva users listing using firefox, google chrome and other browser types clicking on images immediately get a big  windows alert message pop up warning viewer of malicious software and blocks the viewer instantly.


Until google and firefox areconvinced Auctiva is virus and malware free.....they will continue to block and warn everyone that views an auctiva listing whether it be on ebay or auctiva store.  

Auctiva staff has the responsibility to it's users to point these TRUTHS out, but as of this time, auctiva has skirted the problem for 3 days now.

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: frustrated

Sun Feb 22 13:25:51 2009

This story would have been helpful 2 days ago. It's a bit late and more than a bit thin.

Auctiva bungled this from the get-go.

I'm glad I don't have a store with Auctiva that showed as an attack site in google search results. I'm sure those customers won't ever come back.

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: JLR

Sun Feb 22 15:31:40 2009

So I ignored the warnings, launched IE7 and decided to go to the Auctiva website. IE7 crashed, or seemed to have crashed on loading the Auctiva website. Next thing I know, my computer is infected with unknown processes, Norton found a trojan it can't remove, and after running Adaware, ComboFix, and Spybot, I still have random popups and scvhost.sys crashes randomly.

Stay away from Auctiva... they should have taken down the entire site at the first sign of the hack and not allowed other users such as myself to get infected. I'm now looking at a total os rebuild.

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: MsFish213

Sun Feb 22 15:37:47 2009

I was on the site Friday, Saturday and today...ran scans after, did not have anything abnormal showing in my scans-no viruses, no trojans, no malware.  It was only on certain servers. I will continue to use their service.  I would imagine this would make them even safer going forward, since I am sure they do not want a repeat of this fiasco.    

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: 117995

Sun Feb 22 16:32:37 2009

Yep, and lucky me have been using it for the last couple of days.

I checked my ebay listing, and a warning pops up when clicking photos. Yeah, that will sure help with sales. Switched to Firefox to check.

Yesterday they had warnings on site stating it would be slow due to their pulling servers for emergency repairs-nothing about infected servers.

Should we be totally convinced the servers are clean?

I agree with Lisa that "It is probably no coincidence this attack happened just as auctiva was launching their own e-commerce site."




Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: Janine

Sun Feb 22 16:47:45 2009

I got an Auctiva Commerce store about 3 weeks ago. Funny thing is, I haven't done anything with my store yet out of fear something like this might happen, the closer Auctiva would get to going public with the Commerce stores.
I signed up early to lock in the lower membership fee but, like I said, something told me not to rush the experience.

I know a lot of you are ticked off at Auctiva and I am aware of the reasons why. But, I'm more pissed off at the people who did this to Auctiva; people that obviously have nothing better to do with their time than screw someone over. What a bunch of tards.

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: 778373

Sun Feb 22 16:52:10 2009

BTW
By stating I agree with Lisa "that it's probably no coincidence" I am not saying who or why this happened.

eBay users will also be infected as many listers use Auctivia.

Should both Auctivia and eBay alert the buyers or close down the site? Many here seem to think so. What about the sellers who list through both sites, should our paid listings be pulled?

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: john

Sun Feb 22 17:44:16 2009

Like the user above, I was on the site, uploading photos, did a few auctions on saturday and next reboot, had all sorts of new processes and crashes. Soxpeca.exe, and about 4 other processes, svchost.exe crashes, memory crashes and combofix finds but can't rid the trojan. I am also looking at a complete OS reinstall. This machine was perfect prior.

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: della and the dealer

Sun Feb 22 17:48:23 2009

Auctiva Mike D. still has a post up suggesting that you should turn off ''warn me if this is listed as an attack site'' if you use Firefox.  
-quote-
Update - If you are using the Firefox browser and are unable to use your account because you are receiving a warning stating the Auctiva is an ''attack site'', you should be able to workaround it by selecting ''Options'' from the ''Tools'' menu and disabling the ''tell me if the site I’m visiting is a suspected attack site'' setting under the ''Security'' tab.
-quote-

Someone might want to give Auctiva a clue here.

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: mimi

Sun Feb 22 17:53:05 2009

Well, I was going to do some eBay shopping today - forget it! So many thousands of sellers use Auctiva - what a major disaster. Someone from eBay needs to post something in the announcement section. So much for all those people begging for the new Auctiva Stores. I wouldn't get near them now! Forget shopping today (or listing) - what a cluster!

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: Annie

Sun Feb 22 17:55:19 2009

Auctiva is wrong with claiming that they are in control of this situation.  This started Thursday, and everytime I was on the site I was getting warnings.  Know they don't want to admit that they got hacked, but they have an obligation to their users to notify them, and not act like it is no big deal.  3 people I know have lost their computers since Thursday.  Coincidence or just bad luck?  All three use Auctiva!

As for their Ecommerce site starting up, glad I didn't buy into it.  Reason being, don't even know if it is going to be worthwhile.  Just like the idiotic website that Auctiva was selling and they were only good on Auctiva.

Love the features of Auctiva, but not worth being compromised with my computer.

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: Kjel Varndsen

Sun Feb 22 18:07:44 2009

Fortunately, I am not an Auctiva (or an IE) user, and keep my security settings high and my AV up-to-date.

This is the latest message I get from Google:
http://www.google.com/safebrowsing/diagnostic?site=http://w
ww.auctiva.com/&hl=en

Of
the 49 pages we tested on the site over the past 90 days, 5 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-02-22, and the last time suspicious content was found on this site was on 2009-02-21.

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: McFiver

Sun Feb 22 18:08:27 2009

Thanks for the updates.  After double scanning for virus & malware on my system, I did as Auctiva suggested (disabled my Firefox tools/options/warn attach sites tab) and all went well last night and today. Presently 4:00 Arizona time, the site has bogged down...seems simply overloaded, sluggish and just plain fried.

Regarding the Auctiva infection, there are 2 issues disturbing to me:  One is the coincidence in timing of this attack, with Auctiva trying to offer an economic alternative to eBay and Two, that Google can fry access to any site at will without any review whatsoever. The block was total on my Firefox browser yesterday, even when I clicked through the warnings.  

Trojan-Clicker Infects eBay Vendor Auctiva   Trojan-Clicker Infects eBay Vendor Auctiva

by: eBuyer Feedback

Sun Feb 22 19:07:09 2009

I use Linux so I was able to click on Auctiva images with reckless abandon.

Click to view more comments
1 2 3  [Next Page]


Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.