JBear - Phishing is...
Camera - thanks for your input.
The thought that the leak is on my machine did enter my mind as one of the possibilities. If so, I will flatten my box and install a new image in order to secure it; however, at this point I'm not sure the leak is local to my box.
I'm currently running ZoneAlarm (software) firewall, which includes antivirus and spyware detection (updated today and currently scanning). I'm also running a NAT'ed firewall and a locked hosts file to prevent known hacks from sending out information (if they should get in), in addition to Pest Patrol and Ad-Aware (both updated and scanning). I also log traffic in/out from my router; however, that is a lot of information to look through, at least for now.
Two other possible thoughts have crossed my mind:
1. eBay is generating a false positive when AuctionSniper logs in on my behalf (from different/multiple IP addresses) when they check on multiple auctions that I'm watching/bidding on. However, my knowledge of eBay's security thresholds is limited. In some really odd conspiracy theory mentality, this could be a way for eBay to force people to use their goofy internal max proxy bidding system <shrug>.
2. A Man-in-the-middle (MITM) attack...
a. could be between user (me) and any other party between eBay or AuctionSniper.
b. could be between AuctionSniper and eBay.
c. I've ruled out between me and eBay (password never compromised when only these two parties are involved).
If AuctionSniper is secure, the most likely cause is touchy security thresholds at eBay. The MITM attack takes a lot of knowledge and work. As for the phishing, I attempt to watch for signs of such issues (wrong/close domain, wrong cert, double prompt for passwords); however, I also surf through a paid Anonymizer.com site that filters bad content and phishing sites. I understand there could also be a couple of other issues playing a role in this; however, all I can do is make assumptions (best practice or norm) with the unknowns.