Itsme
12-11-2005, 06:06 AM
http://www.mercurynews.com/mld/mercurynews/business/technology/13376864.htm
Phishers attack eBay using new technique
By Michael Bazeley
Mercury News
Scammers have found a new way to try to trick eBay members into giving them their personal information. The new technique effectively hijacks links on listing or search results pages, taking people to an official-looking eBay log-in page that is actually phony.
In one example the Mercury News viewed this week, several listings were added to eBay's "Totally bizarre" category, a section intended for offbeat items, with the title "Movie!With me and Laura!My best friend!Sexy show!1$". When eBay users clicked on the listing titles, their Web browser was immediately redirected to the fraudulent log-in page. Making matters worse, the phony page appears to download a virus onto users' computers.
EBay said the people behind the scam appeared to have added malicious JavaScript code to their listings that redirected people off eBay's site. EBay allows members to include some types of JavaScript in their listings for things such as interactive photo albums or tools to help buyers calculate shipping charges.
EBay has tools that automatically scan new listings for computer viruses and malicious JavaScript, spokesman Hani Durzy said. In this instance, the hacker apparently used code that sneaked past the screening process. He added that this technique is "very rare" on eBay's site. Durzy said the company would update its screening tools. The offending links appeared to be gone Friday.
The practice of trying to dupe Internet users into revealing their personal information is known as "phishing." The eBay and PayPal services are two of the more popular targets for phishers. Typically, phishers will send out phony e-mail messages directing people to official-looking eBay or PayPal log-in pages, where they are asked to provide user names and passwords. In some cases, the phishers then hijack the accounts and sell phony or non-existent items on eBay. In other instances, they download malicious computer viruses or programs known as keyloggers onto computers. The hidden keylogger software captures log-in names and passwords as people type them into sensitive Web sites and then sends the information to the attackers.
Durzy said this latest phishing technique is evidence that other forms of phishing are becoming less effective. "I think they are trying to become more and more inventive because it's becoming harder and harder to do this," he said.