SecurityFocus

eBay Account Phishing with eBay Redirect Feb 13 2005 06:08AM
Steven (steven lovebug org) (1 replies)

Re: eBay Account Phishing with eBay Redirect Feb 14 2005 07:08PM
Josh Tolley (josh raintreeinc com) (2 replies)

Re: eBay Account Phishing with eBay Redirect Feb 15 2005 05:05AM
Nick FitzGerald (nick virus-l demon co uk)

Re: eBay Account Phishing with eBay Redirect Feb 15 2005 12:25AM
Jonathan Rockway (jrockw2 uic edu) (1 replies)

RE: eBay Account Phishing with eBay Redirect Feb 15 2005 09:47PM
Thomas T. Evans, III (ttevans hawkcorp net)

You may want to be careful about following links like this. I have read that
part of the problem is, even if you load bogus information or no information
at all, these sites will drop keyloggers, Trojans, etc. on your machine.
Just their way of saying 'Thanks for dropping by'.... :(

Thomas T. Evans, III CCNA
Senior Network Manager
Hawk Corporation
ttevans (at) hawkcorp (dot) net [email concealed]
216-267-7787 Ext. 500
Cell: 440-669-2526
Fax: 917-464-7241
President, MFG/Pro Midwest User Group

"The difference between genius and stupidity is genius has limits" -- Albert
Einstein

-----Original Message-----
From: Jonathan Rockway [mailto:jrockw2 (at) uic (dot) edu [email concealed]]
Sent: Monday, February 14, 2005 7:25 PM
To: bugtraq (at) securityfocus (dot) com [email concealed]; Josh Tolley
Subject: Re: eBay Account Phishing with eBay Redirect

I just tried this out and it worked for me. I got a page asking for a
login name and made up a login name and password. After ``logging
in'', I got a page asking for my address, phone, CCN, bank information,
etc. (They ask for everything! ATM PIN, SSN, DOB, etc... who would
actually provide this to the real eBay!?)

After I submitted my fake data, it redirected me to the real eBay login.

Regards,
Jonathan Rockway

On 14 Feb 2005, at 1:08 PM, Josh Tolley wrote:

> I just tried this with my own URL, and eBay didn't forward me to some
> other site. Perhaps they've plugged this already?
>
> Josh Tolley
> Raintree Systems, Inc.
> http://www.raintreeinc.com
> 760 509 9000
>
> Steven wrote:
>> I am not sure if this is better served by incidents or bugtraq, but
>> in any event here it is. I frequently get the fake looking e-mails
>> phishing for my Paypal, eBay, and banking login/password information.
>> Generally the links to the spoofed webpages are just links to a fake
>> page with a modified A HREF tag. However, it appears someone has
>> found that eBay's actual page has a command to redirect to a
>> specified webpage. While this shouldn't be a big risk, it still
>> poses a small one and is being actively exploitated.
>> The page actually appears to link to eBay and it does, the link below
>> is the one I received in my inbox recently.
>> http://cgi4.ebay.com/ws/eBayISAPI.dll?
>> MfcISAPICommand=RedirectToDomain&DomainUrl=http%3A%2F%2F%32%31%31%2E%3
>> 1%37%32%2E%39%36%2E%37%2FUpdateCenter%2FLogin%2F%3FMfcISAPISession%3DA
>> AJbaQqzeHAAeMWZlHhlWXS2AlBXVShqAhQRfhgTDrferHCURstpAisNRqAhQRfhgTDrfer
>> HCURstpAisNRpAisNRqAhQRfhgTDrferHCUQRfqzeHAAeMWZlHhlWXh Simply:
>> http://cgi4.ebay.com/ws/eBayISAPI.dll?
>> MfcISAPICommand=RedirectToDomain&DomainUrl=www.website.com Steven
>> steven (at) lovebug (dot) org [email concealed]
>>
--
Jonathan Rockway <jrockw2 (at) uic (dot) edu [email concealed]>
http://www.uic.edu/~jrockw2/

[ reply ]