Bugtraq mailing list archives
RE: eBay Account Phishing with eBay Redirect
From: "Thomas T. Evans, III" <ttevans () hawkcorp net>
Date: Tue, 15 Feb 2005 16:47:02 -0500
You may want to be careful about following links like this. I have read that part of the problem is, even if you load bogus information or no information at all, these sites will drop keyloggers, Trojans, etc. on your machine. Just their way of saying 'Thanks for dropping by'.... :(

Thomas T. Evans, III CCNA
Senior Network Manager
Hawk Corporation
ttevans () hawkcorp net
216-267-7787 Ext. 500
Cell: 440-669-2526
Fax: 917-464-7241
President, MFG/Pro Midwest User Group

"The difference between genius and stupidity is genius has limits" -- Albert Einstein

-----Original Message-----
From: Jonathan Rockway [mailto:jrockw2 () uic edu]
Sent: Monday, February 14, 2005 7:25 PM
To: bugtraq () securityfocus com; Josh Tolley
Subject: Re: eBay Account Phishing with eBay Redirect

I just tried this out and it worked for me. I got a page asking for a login name and made up a login name and password. After ``logging in'', I got a page asking for my address, phone, CCN, bank information, etc. (They ask for everything! ATM PIN, SSN, DOB, etc... who would actually provide this to the real eBay!?) After I submitted my fake data, it redirected me to the real eBay login.

Regards,
Jonathan Rockway

On 14 Feb 2005, at 1:08 PM, Josh Tolley wrote:
I just tried this with my own URL, and eBay didn't forward me to some other site. Perhaps they've plugged this already?

Josh Tolley
Raintree Systems, Inc.
http://www.raintreeinc.com
760 509 9000

Steven wrote:

I am not sure if this is better served by incidents or bugtraq, but in any event here it is. I frequently get the fake looking e-mails phishing for my Paypal, eBay, and banking login/password information. Generally the links to the spoofed webpages are just links to a fake page with a modified A HREF tag. However, it appears someone has found that eBay's actual page has a command to redirect to a specified webpage. While this shouldn't be a big risk, it still poses a small one and is being actively exploited. The page actually appears to link to eBay and it does, the link below is the one I received in my inbox recently.

http://cgi4.ebay.com/ws/eBayISAPI.dll?
MfcISAPICommand=RedirectToDomain&DomainUrl=http%3A%2F%2F%32%31%31%2E%3
1%37%32%2E%39%36%2E%37%2FUpdateCenter%2FLogin%2F%3FMfcISAPISession%3DA
AJbaQqzeHAAeMWZlHhlWXS2AlBXVShqAhQRfhgTDrferHCURstpAisNRqAhQRfhgTDrfer
HCURstpAisNRpAisNRqAhQRfhgTDrferHCUQRfqzeHAAeMWZlHhlWXh

Simply:

http://cgi4.ebay.com/ws/eBayISAPI.dll?
MfcISAPICommand=RedirectToDomain&DomainUrl=www.website.com

Steven
steven () lovebug org
-- Jonathan Rockway <jrockw2 () uic edu> http://www.uic.edu/~jrockw2/
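
An added example, not part of the original thread or any poster's code: a mail-filter style check that percent-decodes the redirect parameter of a link on a trusted domain and reports targets that are a raw IP or leave that domain. The function names, the trusted-domain list, the extra parameter names and the sample links are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# "DomainUrl" is the parameter in the thread; the other names are assumptions.
REDIRECT_PARAMS = {"domainurl", "url", "redirect", "next"}

def target_host(value):
    """Host of a decoded redirect target, which may lack a scheme."""
    if not re.match(r"^([a-z][a-z0-9+.-]*:)?//", value, re.I):
        value = "//" + value
    try:
        return (urlsplit(value).hostname or "").lower()
    except ValueError:  # malformed authority
        return ""

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def within(host, domain):
    return host == domain or host.endswith("." + domain)

def check_link(url, trusted_domains):
    """(param, target host, reason) for redirects that leave trusted_domains."""
    parts = urlsplit(url)
    link_host = (parts.hostname or "").lower()
    if not any(within(link_host, d) for d in trusted_domains):
        return []  # link does not borrow a trusted name; out of scope here
    findings = []
    for name, value in parse_qsl(parts.query):  # percent-decodes once
        host = target_host(value) if name.lower() in REDIRECT_PARAMS else ""
        if not host:
            continue
        if is_ip(host):
            findings.append((name, host, "raw IP target"))
        elif not any(within(host, d) for d in trusted_domains):
            findings.append((name, host, "off-site target"))
    return findings

# Constructed samples shaped like the thread's link; 192.0.2.7 is a
# documentation address, not the one in the original message.
BASE = "http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl="
SAMPLES = [BASE + "http%3A%2F%2F%31%39%32%2E%30%2E%32%2E%37%2FLogin%2F",
           BASE + "www.website.com",
           BASE + "http%3A%2F%2Fpages.ebay.com%2F"]
for s in SAMPLES: print(check_link(s, ("ebay.com",)))
```

The same comparison, run server-side against an allowlist before issuing the redirect, is the usual fix for the redirect endpoint itself.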