Slashdot Mirror

← Back to Stories (view on slashdot.org)

eBay Scrambles to Fix Phishing Bug

Posted by Zonk on from the watch-where-you-click dept.

Paul Laudanski writes "c|net is reporting that eBay is scrambling to fix a software glitch which opens doors to phishing attacks via one of its own valid URLs. "The flaw may have already allowed individuals to use one of eBay's URLs to trick unsuspecting parties into visiting malicious sites, the company representative said.""

5 of 131 comments (clear)

  1. I found it last week by ericspinder · · Score: 3, Informative
    Got in as spam in my old honey pot, and I had a hard time sending to the company, as I didn't want to sign into their system to do it.

    Finally I tried abuse@ebay, that sent back an automated reply and in that reply, I found the email spoof@ebay.com

    I doubt if I'm the only person who found that scam, but I am glad that they seem to be taking action.

    --
    The grass is only greener, if you don't take care of your own lawn.
  2. Re:Scrambling? by Ulric · · Score: 3, Informative

    It was reported on Bugtraq on Feb 13. Here: http://www.securityfocus.com/archive/1/390378/2005 -02-07/2005-02-13/0

  3. spoof@ebay.com not as useful as it could be by John+Miles · · Score: 3, Informative

    Annoyingly, my ISP (Speakeasy) has stopped allowing its customers to forward phishing emails to spoof@ebay.com.

    They are doing content filtering on outgoing mail, which is something I really wish they wouldn't do. I have no idea what aspect of the message triggers the filter, but any attempt to forward an HTML phishing mail without converting it to plaintext first (and losing the href fields that would allow eBay to shut down the phishing sites) yields "Server Response: '554 message permanently rejected, you may have a virus (#5.3.0)'."

    All attempts to communicate my displeasure to Speakeasy's support department have met with the usual language barrier (I speak English, they speak Moronese). I simply could not find a way to convince them that I wasn't having trouble sending email in the general case. If anybody from Speakeasy is reading this, it would be nice if they got the clue bat after whoever implemented this filter. Customers need to be able to opt out of all content filters, both incoming and outgoing.

    --
    Dahlmann tightly grips the knife, which he may have no idea how to use, and steps out into the plain.
  4. Re:Scrambling? by ericspinder · · Score: 3, Informative

    Ok, I'm not your parent poster, but I got it too. He didn't re-add the link, which was lost in the paste https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&Us ingSSL=1&pUserId=&co_partnerId=2&siteid=0&ru=http% 3A%2F%2Fcgi4.ebay.com%2Fws%2FeBayISAPI.dll?MfcISAP ICommand%3dRedirectToDomain%26DomainUrl=http%3A%2F %2F62.193.211.236%2FeBayISAPI.php&pageType=1883, and it still works! Just for the really incredable stupid... this is the Phishing attack. The page is a valid Ebay sign in page, but the action will send you to the phisher's site. I'm not sure what they do there, I'd guess that they just say that your password was invalid and to try again. Anyone got a throw away Ebay account they would like to try on it?

    --
    The grass is only greener, if you don't take care of your own lawn.
  5. Re:Phishing EBay by John+Miles · · Score: 4, Informative

    Um, no, that's the whole thing... there aren't any goods to mail.

    The idea is, I use your account to post an auction for an expensive piece of equipment with a glowing description stolen from another successful auction, photos courtesy of Google Image Search, and a Buy It Now price around 20% of retail. The victim hits the BIN button and, at my request, sends me a Western Union transfer to pay. That's the last anyone hears from me.

    Typically this scam is operated from Internet cafes in Eastern European countries with twentieth-century technology and twelfth-century ethics.

    --
    Dahlmann tightly grips the knife, which he may have no idea how to use, and steps out into the plain.