Security experts have intercepted a virus which claims to have been sent from eBay.com and uses a packer previously unseen in email virus distribution. The use of the uncommon packer in the W32/Myfip virus could make it more difficult for antivirus software vendors to identify and protect against the malicious code within, signalling "the start of a worrying trend", MessageLabs warned today.
The email containing the virus purports to have been sent by the webmaster at eBay.com, and suggests that eBay is conducting market research among its customers. Computer users are told that they could win valuable prizes if they take part in the research.
The subject line of the email reads: hi, [recipient], I'm webmaster of eBay.com, and we raise a research in our website.
Body text is as follows: I'm the webmaster of www.ebay.com, our company raise a research in our customers - Multiple Item Auctions - and this one unlike a regular eBay auction, Multiple Item Auctions can have many winners. If you're the winner of Multiple Item Auctions, you can get the follow thing: 1. a notebook that worth 18000$ 2. a camara [sic] worth 1000$ Learn about Multiple Item Auctions, you can click the URL under: [url removed]
The email-bourne virus is contained in a 51712 byte attachment, login.exe.
Over the weekend antivirus researchers at MessageLabs reported "a relatively low number" of copies of W32/Myfip, but advised computer users to be on their guard.