EcommerceBytes-NewsFlash, Number 1983 - February 23, 2009

Trojan Infects eBay Third-Party Developer Auctiva

Auctiva, a third-party developer that provides free tools for half a million eBay sellers, became infected with the Trojan-Clicker "trojan horse" malware (Symantec publishes a description of the trojan). Auctiva President Jeff Schlicht said the company found and quickly fixed the scripting virus, which had attached itself to a few HTML and JavaScript files.

Auctiva immediately took the infected servers out of rotation, wiped the operating software on those servers, reloaded them, and put them back online around 3 pm on Saturday, according to Schlicht.

However, users attempting to visit the site continued to receive a pop-up warning as late as Sunday evening. The advisory was issued by Google, which must review the site before it will remove the warning. As a result, some sellers who use Auctiva Checkout are reporting that buyers are unable to pay for items. There was no announcement about the issue from eBay as of Sunday evening.

Auctiva confirmed that they posted the following message on the company's community boards earlier in the day on Sunday:

Hi Community,
Update - Our engineering team is still investigating this situation but, at this point, it appears the reason these virus alert warnings started showing up on our site is because some of our machines were injected with malware originating in China. The malware we believe to be at fault has also hit a number of other high profile websites over the past 6 months.

If our current suspicions about what happened are correct, we know some things we can do to prevent this from happening again, but some additional investigation will be required before we reach a conclusive determination.

The affected machines are no longer in our rotation so it is currently safe to navigate the Auctiva website, however, if you did visit our site between Thursday evening and Saturday afternoon at about 2 PM PT, as a precautionary measure, we recommend taking the following actions to ensure that your computers are not infected:

1) Clear your browser cache, delete ALL temporary internet files, and restart your browser.
2) If using a Windows machine, make sure you are updated with all the current Microsoft updates and patches.
3) Make sure you are running some reputable antivirus software (AVG is available for free at and is known to catch this malware)
4) Use the Firefox browser if possible, as it has been shown to be less susceptible to this sort of malware than Internet Explorer.

About the author:

Ina Steiner is co-founder and Editor of EcommerceBytes and has been reporting on ecommerce since 1999. She's a widely cited authority on marketplace selling and is author of "Turn eBay Data Into Dollars" (McGraw-Hill 2006). Her blog was featured in the book, "Blogging Heroes" (Wiley 2008). Follow her on Twitter at @ecommercebytes and send news tips to
