eBay Scrambles to Fix Phishing Bug
Paul Laudanski writes "c|net is reporting that eBay is scrambling to fix a software glitch which opens doors to phishing attacks via one of its own valid URLs. "The flaw may have already allowed individuals to use one of eBay's URLs to trick unsuspecting parties into visiting malicious sites, the company representative said.""
While my article might not have prevented this (Score:3, Informative)
It is Free Documentation, under the GNU FDL.
It's at GoingWare's Bag of Programming Tricks [goingware.com].
Re:Scrambling? (Score:1, Informative)
Here's the email, minus where the URL actually goes to:
eBay NewYears User Agreement Update
It's that time of year again! With 2005 now upon us, we have updated the eBay user agreement. As a result of the update, your account will be restricted until you have followed the link below and reconfirmed your contractual agreement with eBay. We apologize for any inconvience as a result of the update, but as a large e-commerce entity we are required to receive an updated agreement at the beginning of each year.
After agreeing to the contract linked below, please feel free to check out some of the new auction styles for 2005. eBay now features pre-set auction details making selling easier than ever! Simply have eBay find your item, and it will present you with a preset information block regarding your product.
Here at eBay, we are constantly working harder to make your auctions this year better then ever. We will be continuously adding features to improve your eBay experience like never before, and your eBay account is a first row seat to the action! So dont let your account expire, update your settings today, its a simple process, and will only take a few moments. All accounts not verified by March 30, 2005, will be subject to deactivation, and it may be required to register again to continue using eBay services.
To update your account now, please follow the link below, validate your information, and confirm your acceptance of the updated agreement.
https://signin.ebay.com/ws/eBayISAPI.dll?Update
Copyright © 2004 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are trademarks of eBay Inc.
eBay is located at 2145 Hamilton Avenue, San Jose, CA 95125.
I found it last week (Score:4, Informative)
Finally I tried abuse@ebay; that sent back an automated reply, and in that reply I found the email spoof@ebay.com.
I doubt if I'm the only person who found that scam, but I am glad that they seem to be taking action.
Re:Scrambling? (Score:2, Informative)
It's been exploited in phishing attempts since at least Feb 16th: http://lists.surbl.org/pipermail/discuss/2005-February/004192.html [surbl.org]
Quite why they thought running an open redirector was a good idea is anyone's guess.
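The open redirector the comment above refers to is the general pattern where a site takes a destination URL from a request parameter and sends the browser there unchecked. The following is an added example, not eBay's code and not from the original thread: a redirect handler written the naive way next to a hardened one that only follows same-site paths or http(s) URLs on an allowlisted host. The parameter name `next` and the `TRUSTED_HOSTS` set are assumptions; the page does not say what eBay's endpoint actually accepted.

```python
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Hypothetical allowlist of the site's own hosts; eBay's real list is not on the page.
TRUSTED_HOSTS = {"signin.ebay.com", "www.ebay.com", "cgi.ebay.com"}


def naive_redirect_target(query: str) -> Optional[str]:
    """Open-redirector behaviour: the browser is sent wherever the parameter says.

    The parameter name "next" is an assumption; the page does not name eBay's.
    """
    values = parse_qs(query, keep_blank_values=True).get("next")
    return values[0] if values else None


def is_trusted_redirect(url: str) -> bool:
    """Accept only same-site absolute paths or http(s) URLs on a trusted host."""
    # Browsers tolerate backslashes and surrounding whitespace that urlsplit
    # would treat differently, so normalise before parsing, not after.
    cleaned = url.strip().replace("\\", "/")
    parts = urlsplit(cleaned)
    if not parts.scheme and not parts.netloc:
        # Relative target: allow "/path" but not scheme-relative "//host/path".
        return cleaned.startswith("/") and not cleaned.startswith("//")
    if parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, ftp: and anything else
    # .hostname drops userinfo ("signin.ebay.com@attacker") and the port,
    # and lower-cases, so look-alike tricks do not slip past a string compare.
    return parts.hostname in TRUSTED_HOSTS


def safe_redirect_target(query: str, default: str = "/") -> str:
    """Hardened handler: fall back to a fixed same-site location on any doubt."""
    target = naive_redirect_target(query)
    if target is None or not is_trusted_redirect(target):
        return default
    return target


if __name__ == "__main__":
    # Constructed query string modelled on the scam in this thread (the IP is the
    # one a later comment reports the scam landing on).
    scam_query = "next=http://62.193.217.91/eBayISAPI.php"
    print("naive :", naive_redirect_target(scam_query))
    print("safe  :", safe_redirect_target(scam_query))
```

Rejecting scheme-relative targets and checking `hostname` rather than a raw prefix are the two checks most often missed: `//62.193.217.91/` has no scheme but is still absolute to a browser, and `https://signin.ebay.com@62.193.217.91/` starts with the trusted name but lands on the attacker's host. A hardened endpoint also removes the reason phishers wanted this URL in the first place: the mail's link could carry the real `signin.ebay.com` host and still deliver the victim elsewhere.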
spoof@ebay.com not as useful as it could be (Score:4, Informative)
They are doing content filtering on outgoing mail, which is something I really wish they wouldn't do. I have no idea what aspect of the message triggers the filter, but any attempt to forward an HTML phishing mail without converting it to plaintext first (and losing the href fields that would allow eBay to shut down the phishing sites) yields "Server Response: '554 message permanently rejected, you may have a virus (#5.3.0)'."
All attempts to communicate my displeasure to Speakeasy's support department have met with the usual language barrier (I speak English, they speak Moronese). I simply could not find a way to convince them that I wasn't having trouble sending email in the general case. If anybody from Speakeasy is reading this, it would be nice if they got the clue bat after whoever implemented this filter. Customers need to be able to opt out of all content filters, both incoming and outgoing.
Scam link (Score:3, Informative)
The link in the scam email eventually redirects to this IP address in France, *after* ebay verifies your login. Incidentally, the one I received came through a server in Korea.
http://62.193.217.91/eBayISAPI.php [62.193.217.91]
Page two asks for your credit card, which answers the questions about the benefits of ebay phishing.
Re:Phishing EBay (Score:5, Informative)
The idea is, I use your account to post an auction for an expensive piece of equipment with a glowing description stolen from another successful auction, photos courtesy of Google Image Search, and a Buy It Now price around 20% of retail. The victim hits the BIN button and, at my request, sends me a Western Union transfer to pay. That's the last anyone hears from me.
Typically this scam is operated from Internet cafes in Eastern European countries with twentieth-century technology and twelfth-century ethics.