However, as shown in the video, this is nothing all that new…

For best results you’ll want to go to youtube or expand to fullscreen.

Fake eBay Security Shield Phishing Attack & Malware Ongoing Since November 2009

On April 1st, 2010 Red Condor Security blog published an alert regarding a phishing attack on ebaY, said to be hosting trojans and/or other executable malware on ebaY’s own servers.
Cappnonymous demonstrates the attack, and/or variant(s) thereof, has been ongoing since at least November 2009, and/or through more than one vector.

Pages/threads seen here:

Phishing Attack Posing as eBay Security Alert
http://tinyurl.com/yczjbtd
http://preview.tinyurl.com/yczjbtd

Re: ebay procedural warning – Excuse Me ???
http://tinyurl.com/yc3o8h6
http://preview.tinyurl.com/yc3o8h6

Malware showing up in eBay today JS:Pdfka-OE
http://tinyurl.com/y89oc5c
http://preview.tinyurl.com/y89oc5c

Re: trojans on ebay site…beware
http://tinyurl.com/yeoyplh
http://preview.tinyurl.com/yeoyplh

Virustotal.com (live page) results for :
eShield.exe
http://tinyurl.com/ybd87xv
http://preview.tinyurl.com/ybd87xv

screencapture:
AboutMe page used to host malicious download link
http://tinyurl.com/yj89m2q
http://preview.tinyurl.com/yj89m2q

screencapture:
Properties of malicious/compromised AboutMe page
http://tinyurl.com/yfpzqek
http://preview.tinyurl.com/yfpzqek

screencapture:
Virustotal results for :
eShield.exe
from 11.08.2009 @ 15.22.23
http://tinyurl.com/ylcqkof
http://preview.tinyurl.com/ylcqkof

Update, 05.26.2010

In case no one was paying attention, the file JS Pdfka-OE you see mentioned in the video as being a false positive by a pink has turned out to be a genuine exploit from the looks of things.

It now shows as malicious on half the major virus scanners via virustotal.com. So anyone who took eb’s advice got owned.

Still, no announcement, no retraction, update, clarification… no nothing from eb?
I wonder why that is? After all, it’s only literally millions of people’s lives potentially ruined?

I can’t stress this enough, the file was and likely still is being hosted on ebay very own servers, along with the other ‘security shield’, which is still being found on about me pages.

virustotalmd5e4a873cd31.th.png

Uploaded with ImageShack.us