HTML/Ebay!phish

Visible Symptoms

Detailed Analysis

[Variant from AV Definition 4.811]
This phishing uses a spoof email from "eBay Inc" or "eBay" and any of the following Email Subject:
	Customer Service: Your Account In eBay Inc EBAY - URGENT SECURITY NOTICE EBAY EMAIL VERIFICATION EBAY INC - URGENT SECURITY NOTIFICATION EBAY: URGENT SECURITY NOTICE EBAY: URGENT SECURITY NOTIFICATION Protect your eBay Inc account URGENT NOTIFICATION FROM EBAY BILLING DEPARTMENT eBay Inc - confirm your details to avoid service cancellation eBay Official Update eBay: please confirm your banking details
The Email looks really authentic for it has the Ebay Logo. The message informs the eBay Member that the account is to be suspended and he needs to re-update the account information.
The image above is named differently as follows: "alexander.GIF", "breach.GIF", "bridesmaid.GIF", "cankerworm.GIF", "dumpy.GIF", "howdy.GIF", "ken.GIF", "levee.GIF", "semitic.GIF", "sensuous.GIF", "tapis.GIF"
When a user follows the link in the email (by clicking the image), it goes to a spoofed website asking for eBay User Account.
Also, the originator of the phishing scam has added the following hidden text in the email. This hiddent text becomes visible when highligted by using the mouse.
	in 1978 Jokes in 1873 smash barricades Netscape city name Or in 1826 Guns Passwords in 1847 in 1922 Pop Music in 1863 iMesh Vacation EBay in 1814 exercising enough Black and White in 1823 try to understand How much is that? Forget it! in 1876 in 1990 I have got .Let's come back engine to go there Martha Stewart Halloween in 1815 Yes, it's me. in 1831 Young Mariah Carey Getaway You'd better not.. I can't agree Never! in 1828 Pearl Harbor Prom Hairstyles in 1957 Heat crisis in Will you, please... Altavista in 1834 ok deal Mortage Rates Love Poems in 1975 in 1911 Lingerie Will you