Phishers attack eBay using new technique

Itsme · 12-11-2005, 07:06 AM

http://www.mercurynews.com/mld/mercu...y/13376864.htm
Phishers attack eBay using new technique

By Michael Bazeley
Mercury News

Scammers have found a new way to try to trick eBay members into giving them their personal information. The new technique effectively hijacks links on listing or search results pages, taking people to an official-looking eBay log-in page that is actually phony.

In one example the Mercury News viewed this week, several listings were added to eBay's ``Totally bizarre'' category, a section intended for offbeat items, with the title ``Movie!With me and Laura!My best friend!Sexy show!1$'' When eBay users clicked on the listing titles, their Web browser was immediately redirected to the fraudulent log-in page. Making matters worse, the phony page appears to download a virus onto users' computers.

EBay said the people behind the scam appeared to have added malicious JavaScript code to their listings that redirected people off eBay's site. EBay allows members to include some types of JavaScript in their listings for things such as interactive photo albums or tools to help buyers calculate shipping charges.

EBay has tools that automatically scan new listings for computer viruses and malicious JavaScript, spokesman Hani Durzy said. In this instance, the hacker apparently used code that sneaked past the screening process. He added that this technique is ``very rare'' on eBay's site. Durzy said the company would update its screening tools. The offending links appeared to be gone Friday.

The practice of trying to dupe Internet users into revealing their personal information is known as ``phishing.'' The eBay and PayPal services are two of the more popular targets for phishers. Typically, phishers will send out phony e-mail messages directing people to official-looking eBay or PayPal log-in pages, where they are asked to provide user names and passwords. In some cases, the phishers then hijack the accounts and sell phony or non-existent items on eBay. In other instances, they download malicious computer viruses or programs known as keyloggers onto computers. The hidden keylogger software captures log-in names and passwords as people type them into sensitive Web sites and then sends the information to the attackers.

Durzy said this latest phishing technique is evidence that other forms of phishing are becoming less effective. ``I think they are trying to become more and more inventive because it's becoming harder and harder to do this,'' he said.

ArkiStan · 12-14-2005, 06:00 AM

phishing meets porn spam! Brilliant!!!

zero2dash · 12-15-2005, 08:03 AM

...good 'ol JavaScript
Secure and "not potentially system destructive" as ever.

12-11-2005, 07:06 AM	#1
Itsme Vice Admiral Join Date: Aug 2004 Location: Southern California Posts: 4,813	Phishers attack eBay using new technique http://www.mercurynews.com/mld/mercu...y/13376864.htm Phishers attack eBay using new technique By Michael Bazeley Mercury News Scammers have found a new way to try to trick eBay members into giving them their personal information. The new technique effectively hijacks links on listing or search results pages, taking people to an official-looking eBay log-in page that is actually phony. In one example the Mercury News viewed this week, several listings were added to eBay's ``Totally bizarre'' category, a section intended for offbeat items, with the title ``Movie!With me and Laura!My best friend!Sexy show!1$'' When eBay users clicked on the listing titles, their Web browser was immediately redirected to the fraudulent log-in page. Making matters worse, the phony page appears to download a virus onto users' computers. EBay said the people behind the scam appeared to have added malicious JavaScript code to their listings that redirected people off eBay's site. EBay allows members to include some types of JavaScript in their listings for things such as interactive photo albums or tools to help buyers calculate shipping charges. EBay has tools that automatically scan new listings for computer viruses and malicious JavaScript, spokesman Hani Durzy said. In this instance, the hacker apparently used code that sneaked past the screening process. He added that this technique is ``very rare'' on eBay's site. Durzy said the company would update its screening tools. The offending links appeared to be gone Friday. The practice of trying to dupe Internet users into revealing their personal information is known as ``phishing.'' The eBay and PayPal services are two of the more popular targets for phishers. Typically, phishers will send out phony e-mail messages directing people to official-looking eBay or PayPal log-in pages, where they are asked to provide user names and passwords. In some cases, the phishers then hijack the accounts and sell phony or non-existent items on eBay. In other instances, they download malicious computer viruses or programs known as keyloggers onto computers. The hidden keylogger software captures log-in names and passwords as people type them into sensitive Web sites and then sends the information to the attackers. Durzy said this latest phishing technique is evidence that other forms of phishing are becoming less effective. ``I think they are trying to become more and more inventive because it's becoming harder and harder to do this,'' he said.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

12-14-2005, 06:00 AM	#2
ArkiStan Admiral Join Date: May 2000 Location: Recession Central Posts: 5,898	phishing meets porn spam! Brilliant!!!

12-15-2005, 08:03 AM	#3
zero2dash Commander Join Date: Dec 2000 Location: Fenton, MO - but I wish I was at the beach. ANY beach. Posts: 1,367	...good 'ol JavaScript Secure and "not potentially system destructive" as ever.

User Name
Password
Remember Me?