On the site is a Download Now button that when executed installs a Trojan. After the victim installs the malware as prompted by the email, they are directed to log into their eBay accounts, which then sends their eBay log-in credentials to the scammers.
"While this is a relatively low volume campaign, the scammers have not only figured out how to circumvent the majority of anti-virus engines, they have also exploited an 'About Me' page of a compromised eBay account to host the Trojan," said Dr. Tom Steding, president and CEO of Red Condor.
"In past eBay phishing attacks, the call to action URL has been on some random compromised machine. This scam, however, is a malicious and very sophisticated attack, and unfortunately, is a good representation of the types of phishing attacks that we are likely to see going forward. This attack is likely to get by many email security systems, so users should delete the message immediately."