ebaY_Phishing1 (Updated, see below)

ebaY members report receiving a very curious promotional email, allegedly from ebaY: “Get $10 for every friend who starts selling on eBay”, sent specifically from the sell-it-now.ebay.com domain. They are not, however, receiving it in their ebaY messages. There is no announcement, no pink (or blue) replies on any forum, nothing on the front-page animated banner, etc. thus far. The absence from ebaY messages is the tell worth checking: a mail that exists only in your inbox should be treated as unverified until it also shows up there.


Not too surprising: info posted over at krebsonsecurity.com.

Active hacked or phished PayPal accounts have been found for sale on yet more venues. For those not paying attention, there are entire sleazy industries surrounding all things ebaY & PayPal. This particular type has been exposed time and again.

Please don’t overlook the very real possibility they could all be insider fraud, as Paypal’s own documents show.

I say this because ebaY and PayPal have been very quick and thorough to silence criticism and exposure of embarrassing facts, yet these highly fraudulent sites remain. ebaY allows as many accounts as a person wishes, and PayPal does little to nothing to verify people at the gate. Rather, they wait until funds are in one’s account, then seize them, after the fact, under any number of false or invalid reasons, until you are “proven worthy”.

It’s pretty obvious that the members are being used to subsidize fraud and failure, and to cover PayPal’s losses, which are borne of their very own lackwit policies and practices IMO.

The very best thing you can do is avoid PayPal and ebaY. Close both your ebaY and PayPal accounts and do whatever you need to do to be sure they cannot access either your bank accounts or your credit cards.

Yet more cross-site scripting flaws discovered on PayPal site(s)…

From Softpedia, via xssed.com

Two security researchers have independently identified cross-site scripting vulnerabilities in PayPal’s mobile and sandbox websites over the weekend, which could have been exploited in phishing attacks.

The XSS weakness on the registration.sandbox.paypal.com website was discovered by a member of the Romanian Security Team (RST) outfit, who goes by the online nickname of Nemessis.

article continues…

One vulnerability is confirmed fixed.

Please take note of who is researching and reporting, Romanian bashers…

This reminds me of another incident which happened a while back. Also, if you haven’t been paying attention, it’s been reported that several smartphones are vulnerable to MITM attacks.

Romanian Detained Over eBay Cyber Fraud

Romanian detained over a $3 million cyber fraud against eBay Inc.

Very interesting article from ABC News:

Romanian authorities have detained a man suspected of committing cyber fraud worth $3 million against the company eBay Inc.

Organized crime prosecutors say Liviu Mihail Concioiu is being investigated for “phishing” attacks against 3,000 of eBay Inc. employees.

They said Thursday that Concioiu allegedly stole the employees’ IDs and passwords in 2009 and accessed company files, including an application with the database of eBay clients and their transactions. Concioiu then used “phishing” sites to access the accounts of about 1,200 eBay users.

It would appear the ebay database has been hacked, cracked, and zombied AGAIN.

(or is that still?)

Also notice how the term ‘phishing’ is constantly used. ebaY doesn’t like the “H” word, it seems. But “phishing” alone does not get you access to the files and data described: phishing yields the employees’ logins, and using those logins to get into company applications and pull the client database is an intrusion. We call that “HACKING”.

rotflmao! Who could imagine?

It also tells us that ebaY employees must not be too savvy if they are falling for whatever tricks are being used to gain the logins etc. (With 3,000 of them targeted, it only takes a handful to bite.)

No mention of any response from ebay.

With its long and repeated history of such events, you should ask yourself whether you trust this unsafe outfit with your personal and financial data.

PayPal fails to follow its own anti-phishing advice

Hilarious! This has been reported and demonstrated over and again. My only conclusion is that PayPal themselves must be behind a good deal of the phishing and attempts thereof.  It’s a Pavlovian thing. (BTW, ebay still does it too.)

What other possible explanation could there be?

If ebaY and PayPal were truly interested in combating phishing they would send emails with no HTML, no links, etc. No one should know that, and be more aware of it, than they.

Here are some highlights from the article posted on September 9, 2010 on Help Net Security:

“According to The Register, PayPal UK has violated its own anti-phishing advice when it sent out an email containing a direct link to the updated user agreement to its users, because one of the tips on avoiding phishing scams contained in the quiz says that the users should “always log into PayPal by opening a new browser and typing in the following: https://www.paypal.com.”

PayPal confirmed that the email is legitimate, but points out that it also contains the information that the users can type paypal.co.uk into the browser if they aren’t completely sure that the offered link is safe to click on.

“PayPal does not advise people not to click on links in emails, rather to exercise caution. Users are advised to check the URL of any link to make sure it does not direct them to something unexpected, as you know they can do this by hovering their mouse over the link,” it says in their comment.

Do you trust this outfit with your personal and financial data?
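The quoted advice (“hover over the link and check where it really goes”) amounts to a mechanical check, so here is one way to run it over an e-mail body. This is an added example, not code from the original post or from PayPal; it assumes an allow-list of trusted domains (paypal.com and paypal.co.uk) and a constructed sample message whose hostnames are made up for the example.

```python
"""Vet the links in an HTML e-mail by where they go, not by what they show.

Added example, not PayPal's or the original post's code. For every <a>
element it flags: a visible hostname that differs from the href's real
host, a destination host outside the trusted allow-list, and a link that
fetches a downloadable file even from a trusted host.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list for a genuine PayPal mail (example assumption).
TRUSTED_DOMAINS = ("paypal.com", "paypal.co.uk")

# File types a payment provider has no business pushing from an e-mail link.
DOWNLOAD_SUFFIXES = (".exe", ".scr", ".zip", ".pdf", ".js")

# A hostname appearing in the link's visible text, with or without a scheme.
SHOWN_HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every anchor in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently open, else None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def host_of(url):
    """Lower-case host of url, or '' for javascript:, mailto: or relative links."""
    return (urlparse(url).hostname or "").lower()


def is_trusted(host):
    """True if host is one of TRUSTED_DOMAINS or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_links(html):
    """Return [(href, visible text, reason)] for every anchor worth a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        m = SHOWN_HOST_RE.search(text)
        shown = m.group(1).lower() if m else ""
        if not real:
            findings.append((href, text, "no host in href"))
        elif shown and shown != real:
            findings.append((href, text, f"shows {shown} but goes to {real}"))
        elif not is_trusted(real):
            findings.append((href, text, f"{real} is not a trusted domain"))
        elif urlparse(href).path.lower().endswith(DOWNLOAD_SUFFIXES):
            findings.append((href, text, "link fetches a downloadable file"))
    return findings


# Constructed sample body: one legitimate link, one spoofed, one off-domain,
# and one download served from a trusted host. All hostnames are made up.
SAMPLE_EMAIL = """
<p>Please review the <a href="https://www.paypal.co.uk/uk/cgi-bin/webscr?cmd=xpt/UserAgreement">updated User Agreement</a>.</p>
<p>Log in at <a href="http://paypal.com.secure-login.example.net/signin">https://www.paypal.com</a> to confirm your details.</p>
<p>Or <a href="https://paypal-verify.example.org/">click here</a>.</p>
<p><a href="https://www.paypal.com/files/security_shield.exe">Install the PayPal Security Shield</a></p>
"""

if __name__ == "__main__":
    for href, text, reason in check_links(SAMPLE_EMAIL):
        print(f"{reason}: [{text}] -> {href}")
```

The first finding is the classic spoof: the text the reader sees names paypal.com while the href lands on an unrelated domain, which is exactly what hovering over a link is meant to reveal. The subdomain rule in is_trusted also makes the point from the top of this page: a mail from sell-it-now.ebay.com passes only if ebay.com itself is on your list, and whether a given subdomain is genuine is something only the company can confirm.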

However, as shown in the video, this is nothing all that new…

For best results you’ll want to go to youtube or expand to fullscreen.

Fake eBay Security Shield Phishing Attack & Malware Ongoing Since November 2009

On April 1, 2010 the Red Condor Security blog published an alert regarding a phishing attack on ebaY, said to be hosting trojans and/or other executable malware on ebaY’s own servers.
Cappnonymous demonstrates that the attack, and/or variants thereof, has been ongoing since at least November 2009, and through more than one vector.

Pages/threads seen here:

Phishing Attack Posing as eBay Security Alert

Re: ebay procedural warning – Excuse Me ???

Malware showing up in eBay today JS:Pdfka-OE

Re: trojans on ebay site…beware

VirusTotal.com (live page) results for:

AboutMe page used to host malicious download link

Properties of malicious/compromised AboutMe page

VirusTotal results for:
from 11.08.2009 @ 15.22.23

Update, 05.26.2010

In case no one was paying attention, the file JS:Pdfka-OE, which you see a pink dismiss in the video as a false positive, has turned out to be a genuine exploit from the looks of things.

It now shows as malicious on half the major virus scanners via virustotal.com. A low detection count early on is exactly what a fresh exploit looks like, so that count was never grounds to call it a false positive. So anyone who took eb’s advice got owned.

Still, no announcement, no retraction, update, clarification… no nothing from eb?
I wonder why that is? After all, it’s only literally millions of people’s lives potentially ruined?

I can’t stress this enough: the file was, and likely still is, being hosted on ebaY’s very own servers, along with the other ‘security shield’, which is still being found on About Me pages.
