Auctiva sent this email out on the evening of Monday, February 23rd:

SUBJECT: Information regarding Auctiva’s Site Warning

February 23, 2009
7:30 PM PST

On Thursday, February 19 we discovered the presence of malware on the Auctiva servers. This caused Google to flag Auctiva as a dangerous site. Our Systems Engineers identified the malware through our monitoring system and they immediately began working to isolate the infected servers and take them offline. During this process the site was running on fewer servers and you may have experienced some delays.

The infected servers were wiped clean and by Saturday morning, most servers were put back online. As of Sunday night, Google rescanned and determined we were safe to navigate. However, upon continued monitoring today, additional malware was detected and we decided to temporarily take offline to eliminate the possibility of further infection. We take the security of our site very seriously. We have identified the source of the problem and we are working 24/7 to resolve the issue. We will bring back online once we are confident we can provide the level of safety and security for our customers that we have for the past 10 years.

What can you do now?

If you visited between Thursday evening and Saturday afternoon at about 2 PM PST, as a precautionary measure we recommend taking the following actions to ensure that your computers are not infected:

1. Clear your browser cache, delete ALL temporary internet files, and restart your browser. For instructions specific about your browser:
2. If using a Windows machine, make sure you are updated with all the current Microsoft updates and patches.
3. Make sure you are running reputable antivirus software.
4. Use the Firefox browser if possible, as it has been shown to be less susceptible to this sort of malware than Internet Explorer.
During this time your Auctiva Checkout, scheduled listings, and images, templates and scrolling gallery in listings on eBay will remain available.

As we work through this issue we will post regular updates on our Community Forums

Kevin Kinell
VP, Engineering

On February 24th at about 9:40 PM, Auctiva emailed out a new statement:

SUBJECT: UPDATE – Information regarding Auctivas Site Warning
February 24, 2009
5:30 PM PST

After notable efforts by our IT and Development teams, as well as assistance from eBay, we were able to bring back online as of 5 am, PST. Our site is safe to navigate, as verified by Google.

We identified the root issue of the malware and we’re moving forward with the necessary protection to prevent this from happening again.

We are on a more segregated network with increased security and are performing on-going virus scans. Additionally, eBay is currently running a vulnerability scan to ensure the integrity of our database. There are still a few minor issues with the live site that we are resolving. These are no longer related to the malware, but rather issues in bringing the site back up on new servers. Our Release Engineering team is working with IT to get things back to complete.

What happened?

The virus malware was injected via a third third-party plug-in. Once in the file directory, the virus malware executed malicious script that gained access to files. Once access was gained, the perpetrators used that access to place low-level malicious script into files that were distributed to some of our users.

What can you do now?

    * As a matter of good practice everyone should be regularly scanning their computer with antivirus software. If you already have antivirus software then you should check to be sure you have the latest virus definitions update for the software and run routine scans of your computer.
    * If you don’t already have antivirus software eBay recommended that users try Microsoft’s OneCare antivirus scanner for home users.…/install/install.htm.
    * If you are using a Windows machine, make sure you are updated with all the current Microsoft updates and patches.

Thanks are due to so many people, our customers, our IT staff and eBay for working with us on this issue. I know we’re all looking forward to moving past this and getting back to business as usual. We will continue to post regular updates on our Community Forums

Kevin Kinell
VP, Engineering