eBay Scrambles to Fix Phishing Bug
Paul Laudanski writes "c|net is reporting that eBay is scrambling to fix a software glitch which opens doors to phishing attacks via one of its own valid URLs. "The flaw may have already allowed individuals to use one of eBay's URLs to trick unsuspecting parties into visiting malicious sites, the company representative said.""
Hey! What a coincidence! I just *just* got a phishing attack at my yahoo.com email.
Agreement
Here's the email, minus where the URL actually goes to:
eBay NewYears User Agreement Update
It's that time of year again! With 2005 now upon us, we have updated the eBay user agreement. As a result of the update, your account will be restricted until you have followed the link below and reconfirmed your contractual agreement with eBay. We apologize for any inconvenience as a result of the update, but as a large e-commerce entity we are required to receive an updated agreement at the beginning of each year.
After agreeing to the contract linked below, please feel free to check out some of the new auction styles for 2005. eBay now features pre-set auction details making selling easier than ever! Simply have eBay find your item, and it will present you with a preset information block regarding your product.
Here at eBay, we are constantly working harder to make your auctions this year better than ever. We will be continuously adding features to improve your eBay experience like never before, and your eBay account is a first row seat to the action! So don't let your account expire, update your settings today, it's a simple process, and will only take a few moments. All accounts not verified by March 30, 2005, will be subject to deactivation, and it may be required to register again to continue using eBay services.
To update your account now, please follow the link below, validate your information, and confirm your acceptance of the updated agreement.
https://signin.ebay.com/ws/eBayISAPI.dll?Update
Copyright © 2004 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are trademarks of eBay Inc.
eBay is located at 2145 Hamilton Avenue, San Jose, CA 95125.
Finally I tried abuse@ebay, which sent back an automated reply, and in that reply I found the email spoof@ebay.com.
I doubt if I'm the only person who found that scam, but I am glad that they seem to be taking action.
The grass is only greener, if you don't take care of your own lawn.
It's been exploited in phishing attempts since at least Feb 16th: http://lists.surbl.org/pipermail/discuss/2005-February/004192.html
Quite why they thought running an open redirector was a good idea is anyone's guess.
It was reported on Bugtraq on Feb 13. Here: http://www.securityfocus.com/archive/1/390378/2005-02-07/2005-02-13/0
Conducting fraudulent auctions with your "good name", buying stuff and then not paying for it with your "good name". Many people depend on seller and buyer ratings and reports for clues as to how much to trust someone. It can be so valuable that some people have set up businesses in Ebay which capitalize on their good seller's reputation.
The force that blew the Big Bang continues to accelerate.
Annoyingly, my ISP (Speakeasy) has stopped allowing its customers to forward phishing emails to spoof@ebay.com.
They are doing content filtering on outgoing mail, which is something I really wish they wouldn't do. I have no idea what aspect of the message triggers the filter, but any attempt to forward an HTML phishing mail without converting it to plaintext first (and losing the href fields that would allow eBay to shut down the phishing sites) yields "Server Response: '554 message permanently rejected, you may have a virus (#5.3.0)'."
All attempts to communicate my displeasure to Speakeasy's support department have met with the usual language barrier (I speak English, they speak Moronese). I simply could not find a way to convince them that I wasn't having trouble sending email in the general case. If anybody from Speakeasy is reading this, it would be nice if they got the clue bat after whoever implemented this filter. Customers need to be able to opt out of all content filters, both incoming and outgoing.
Dahlmann tightly grips the knife, which he may have no idea how to use, and steps out into the plain.
Ryan
The Ezine Directory
The link in the scam email eventually redirects to this IP address in France, *after* ebay verifies your login. Incidentally, the one I received came through a server in Korea.
http://62.193.217.91/eBayISAPI.php
Page two asks for your credit card, which answers the questions about the benefits of ebay phishing.
As in my previous post, page two of the fake website asks for a credit card. Since the sheep never wonder why a certain piece of private information is "required" on a form, I bet a lot of people actually filled that in too.
Ok, I'm not your parent poster, but I got it too. He didn't re-add the link, which was lost in the paste: https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=0&ru=http%3A%2F%2Fcgi4.ebay.com%2Fws%2FeBayISAPI.dll?MfcISAPICommand%3dRedirectToDomain%26DomainUrl=http%3A%2F%2F62.193.211.236%2FeBayISAPI.php&pageType=1883, and it still works! Just for the really incredibly stupid... this is the Phishing attack. The page is a valid Ebay sign in page, but the action will send you to the phisher's site. I'm not sure what they do there; I'd guess that they just say that your password was invalid and to try again. Anyone got a throwaway Ebay account they would like to try on it?
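Added example, not eBay's code and not posted by anyone in this thread: a Python allowlist check for a sign-in page's return-URL parameter, which is the control whose absence both the "open redirector" comment earlier and the link quoted in the post above illustrate. The host allowlist, the list of URL-carrying parameter names and the sample URLs are assumptions; the samples are modelled on the quoted link, with the documentation-only address 203.0.113.5 standing in for the phisher's host. It goes a little beyond the thread's case by also following nested redirect parameters, stacked percent-encoding and backslash-separated URLs, all of which a naive "does it start with our domain" check misses.

```python
"""Allowlist check for a sign-in page's return-URL ("ru") parameter.

Added example: not eBay's code. ALLOWED_HOSTS, URL_PARAMS and the sample
URLs are assumptions, modelled on the link quoted in the thread with the
documentation-only address 203.0.113.5 standing in for the phisher's host.
"""
from urllib.parse import parse_qs, unquote, urlparse

# Hosts the sign-in page may legitimately return a user to (assumption).
ALLOWED_HOSTS = {"signin.ebay.com", "cgi4.ebay.com", "www.ebay.com"}

# Query parameters known to carry a URL. "ru" and "DomainUrl" are the names
# seen in the quoted link; the rest are common conventions (assumption).
URL_PARAMS = {"ru", "DomainUrl", "url", "redirect", "next", "return"}

MAX_NESTING = 4  # stop following nested redirect parameters after this many hops


def _fully_unquote(value):
    """Undo stacked percent-encoding (%253A -> %3A -> ':') until it is stable."""
    while True:
        decoded = unquote(value)
        if decoded == value:
            return decoded
        value = decoded


def hosts_reachable(url, depth=0):
    """Every host a redirect chain starting at `url` could land on.

    URL-valued query parameters are decoded and followed recursively, so a
    target like http://a.example/x?DomainUrl=http://b.example/y yields both
    hosts. Decoding is deliberately greedy: over-collecting hosts can only
    make the allowlist check stricter, never looser.
    """
    if depth > MAX_NESTING:
        return set()
    # Browsers treat a backslash in the authority like a slash; urlparse does not.
    url = _fully_unquote(url).strip().replace("\\", "/")
    parsed = urlparse(url)
    hosts = set()
    if parsed.hostname:  # .hostname drops userinfo, so http://good@evil/ yields "evil"
        hosts.add(parsed.hostname)
    for name, values in parse_qs(parsed.query, keep_blank_values=True).items():
        if name in URL_PARAMS:
            for value in values:
                hosts |= hosts_reachable(value, depth + 1)
    return hosts


def return_url_hosts(signin_url, param="ru"):
    """Sorted hosts that `param` on a sign-in URL could redirect the user to."""
    query = parse_qs(urlparse(signin_url).query, keep_blank_values=True)
    hosts = set()
    for value in query.get(param, []):
        hosts |= hosts_reachable(value)
    return sorted(hosts)


def is_safe_return_url(signin_url, allowed=ALLOWED_HOSTS, param="ru"):
    """True when the return URL is absent, relative, or stays on allowed hosts."""
    return all(host in allowed for host in return_url_hosts(signin_url, param))


# Constructed samples. PHISH_URL mirrors the link quoted in the thread: a real
# sign-in page whose "ru" bounces through an on-site redirector to an outside host.
LEGIT_URL = ("https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&UsingSSL=1"
             "&ru=http%3A%2F%2Fcgi4.ebay.com%2Fws%2FeBayISAPI.dll%3FMyEbay&pageType=1883")
PHISH_URL = ("https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=0"
             "&ru=http%3A%2F%2Fcgi4.ebay.com%2Fws%2FeBayISAPI.dll%3FMfcISAPICommand%3DRedirectToDomain"
             "%26DomainUrl%3Dhttp%3A%2F%2F203.0.113.5%2FeBayISAPI.php&pageType=1883")
# The same outside destination hidden behind double encoding and behind backslashes.
DOUBLE_ENCODED_URL = ("https://signin.ebay.com/ws/eBayISAPI.dll?SignIn"
                      "&ru=http%253A%252F%252F203.0.113.5%252FeBayISAPI.php")
BACKSLASH_URL = ("https://signin.ebay.com/ws/eBayISAPI.dll?SignIn"
                 "&ru=http:%5C%5C203.0.113.5%5CeBayISAPI.php")

if __name__ == "__main__":
    for label, url in [("legit", LEGIT_URL), ("phish", PHISH_URL),
                       ("double-encoded", DOUBLE_ENCODED_URL), ("backslash", BACKSLASH_URL)]:
        print(f"{label:15} safe={is_safe_return_url(url)} hosts={return_url_hosts(url)}")
```

The check is meant to sit at the point where the sign-in handler decides where to send the user after a successful login: if `is_safe_return_url` is false, fall back to a fixed on-site page rather than honouring the parameter. The allowlist is a set of exact hostnames on purpose; suffix or prefix matching is what lets lookalike hosts through.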
Um, no, that's the whole thing... there aren't any goods to mail.
The idea is, I use your account to post an auction for an expensive piece of equipment with a glowing description stolen from another successful auction, photos courtesy of Google Image Search, and a Buy It Now price around 20% of retail. The victim hits the BIN button and, at my request, sends me a Western Union transfer to pay. That's the last anyone hears from me.
Typically this scam is operated from Internet cafes in Eastern European countries with twentieth-century technology and twelfth-century ethics.
The problem is that there is no throwaway Ebay account since they require a checking account and/or credit card to create your Ebay account.