Trojan-Spy.HTML.Bayfraud

Detect Date 09/23/2006
Class Trojan-Spy
Platform HTML
Description

This Trojan uses spoofing technology, and appears to be an HTML page. It is designed to steal confidential information from eBay users.

It is sent out in the guise of an important message from eBay.

The message contains a link which utilizes the Frame Spoof vulnerability in Internet Explorer.

When the user clicks on the link, it leads to a spoofed page. If the user enters his/ her account details, they will be sent to the remote malicious user, who will then be able to access and change the user’s profile.

The Frame Spoof vulnerability (MS04-004) is present in Microsoft Internet Explorer versions 5.x and 6.x. Microsoft has published a document which details the vulnerability and gives recommendations on how to identify spoofed links.