Beware New Trojan IN EBAY LISTINGS!


 neglus
 
posted on August 20, 2006 03:37:33 PM new
Here is an excerpt from Scot Wingo's blog ( http://ebaystrategies.blogs.com/ )
August 17, 2006
New eBay fraud tactic: Viral Porn Trojan Horses (VPTH)

A new tactic (which we have dubbed VPTH) has hit eBay hard the last couple of days. Unfortunately it's a really clever way to get lots of eBay uids/passwords AND it's very viral so it appears to be growing at an exponential rate.

Here's how the bad guys do it:

1. They use normal Phishing techniques to get an ebayer's uid/pwd (preferably a seller with some good feedback).

2. They post tons of malicious listings to popular categories. In the listings they:

* Use something like porn imagery to draw heavy click-through to the listing
* Turn on every eBay bonus feature you can imagine: bold, highlight, gallery plus, featured plus, etc. (hey they aren't paying so why not?!)
* Lots of times these are 1 day auctions so they are indexed quick and TnS doesn't have much time to a) find and b) react.
* Now here's the trick - they put in the listing some malicious javascript that redirects anyone that clicks on the listing to a page at badguy.com that is 100% identical to an eBay login page and it says: "To view this item you must login".

3. Now the bad guys have tons of BUYER userid's and logins, which they then use to get into paypal accounts, launch more auctions and cause general mayhem.

4. Some of these are so clever you can't find which listing is doing it. They'll post a porn listing and then 10 regular ones all with the javascript in there. A seller saw one yesterday that seemed to infect every listing in the category - it somehow was changing the search results pages around.

In the last two weeks this scheme is happening more and more frequently. Yesterday the entire shoe category was full of these things.

There's more - click on link above to read

BE CAREFUL!!!!!!!!!!!
-------------------------------------


http://stores.ebay.com/Moody-Mommys-Marvelous-Postcards?refid=store
 
 glassgrl
 
posted on August 20, 2006 04:42:58 PM new
omg that's so unreal yet believable.



 
 sparkz
 
posted on August 20, 2006 05:00:03 PM new
Wait till the mainstream media gets ahold of this. They'll have potential buyers afraid to come anywhere near Ebay.

The one part of Scot's solution that I like is to have 3rd party partners pre-submit any javascript they intend to use, and prohibit all other javascript in auctions by sellers.


If Murphy's law is correct, everything East of the San Andreas Fault will slide into the Atlantic
 
 irked
 
posted on August 20, 2006 05:03:41 PM new
I thought all JavaScript was not allowed in the description field anyway??? If not, that will be coming.

Hummm guess not
HTML and JavaScript


eBay does not permit the use of several types of HTML and JavaScript functions in member listings, Stores pages, About Me pages, or Want-It-Now ads.

Any attempts to disguise the intention or function of the source code (HTML or JavaScript) of your listing are in violation of eBay policy. This includes, but is not limited to:

* the use of unescape functions in JavaScript
* items that split HTML or other JavaScript tags with the express purpose of hiding the tags within the source code of the listing's HTML or script

Users may not manipulate or edit any areas outside of the areas designated for member content.

Additionally, on the German site (eBay.de), the use of JavaScript functions is further limited. Refer to the Additional Information section below for more information.

Violations of this policy may result in a range of actions, including:

* Listing cancellation
* Limits on account privileges
* Account suspension
* Forfeit of eBay fees on cancelled listings
* Loss of PowerSeller status

**************


Well, aren't we a ray of sunshine.
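
An added example, not part of any post in this thread and not eBay's own tooling: a static triage check for listing HTML that flags the patterns described above (a script redirect, unescape-style decoder calls, and tags or redirects hidden by string splitting or percent-encoding). The function names, finding labels and sample listings are constructed for illustration, and the scanner never executes the listing's script.

```javascript
// Redirect primitives and decoder calls worth flagging in seller-supplied markup.
const REDIRECT = /\b(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=[^=]|\blocation\.(?:replace|assign)\s*\(|http-equiv\s*=\s*["']?refresh/i;
const DECODER = /\b(?:unescape|decodeURIComponent|decodeURI|eval)\s*\(|String\.fromCharCode/i;

// Decode %XX and %uXXXX the way unescape() would, as plain text only.
function percentDecode(text) {
  return text
    .replace(/%u([0-9a-f]{4})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)))
    .replace(/%([0-9a-f]{2})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Undo tag splitting: "scr" + "ipt" becomes "script".
function joinLiterals(text) {
  return text.replace(/(["'])\s*\+\s*(["'])/g, "");
}

const countScriptTags = (t) => (t.match(/<\s*script\b/gi) || []).length;

// Returns a sorted list of finding labels for one listing description.
function scanListing(html) {
  const findings = new Set();
  const revealed = percentDecode(joinLiterals(html));
  if (countScriptTags(html) > 0) findings.add("script-tag");
  if (DECODER.test(html)) findings.add("decoder-call");
  // More script tags after de-obfuscation means some were hidden in the source.
  if (countScriptTags(revealed) > countScriptTags(html)) findings.add("hidden-tag");
  if (REDIRECT.test(html)) findings.add("redirect");
  else if (REDIRECT.test(revealed)) findings.add("hidden-redirect");
  return [...findings].sort();
}

// Constructed sample listings (example.invalid is a reserved, non-routable name).
const SAMPLES = {
  benign: `<p><b>Vintage postcard</b>, mailed 1912. Ships in a rigid sleeve.</p>`,
  plain: `<script>window.location = "http://login.example.invalid/signin";</script>`,
  obfuscated: `<script>document.write(unescape("%3Cscr" + "ipt%3Elocation.replace('http://login.example.invalid/')%3C/script%3E"));</script>`,
};

for (const [name, html] of Object.entries(SAMPLES)) {
  console.log(name, scanListing(html));
}
```

This is a triage heuristic: any finding means the listing needs a human look, and ordinary text containing "location =" will also match.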
 
 agitprop
 
posted on August 22, 2006 03:44:55 AM new
!!!DON'T PANIC!!!

These javascript-redirecting auctions have been around for a few months so it's really nothing new. Sure, they are in violation of eBay policy, but as the accounts used are almost always 'hijacked', there is no accountability. Anyone unwise enough to open a 'tainted' eBay auction listing risks having their eBay ID and password purloined by an Eastern European arch cyber criminal and used for nefarious purposes.

Home of the best eBay auction fee & PayPal calculators: http://auctionfeecalculator.com
 
 