However, as shown in the video, this is nothing all that new…
For best results you’ll want to go to youtube or expand to fullscreen.
On April 1st, 2010 Red Condor Security blog published an alert regarding a phishing attack on ebaY, said to be hosting trojans and/or other executable malware on ebaY’s own servers.
Cappnonymous demonstrates the attack, and/or variant(s) thereof, has been ongoing since at least November 2009, and/or through more than one vector.
Pages/threads seen here:
Phishing Attack Posing as eBay Security Alert
Re: ebay procedural warning – Excuse Me ???
Malware showing up in eBay today JS:Pdfka-OE
Re: trojans on ebay site…beware
Virustotal.com (live page) results for :
AboutMe page used to host malicious download link
Properties of malicious/compromised AboutMe page
Virustotal results for :
from 11.08.2009 @ 15.22.23
In case no one was paying attention, the file JS Pdfka-OE you see mentioned in the video as being a false positive by a pink has turned out to be a genuine exploit from the looks of things.
It now shows as malicious on half the major virus scanners via virustotal.com. So anyone who took eb’s advice got owned.
Still, no announcement, no retraction, update, clarification… no nothing from eb?
I wonder why that is? After all, it’s only literally millions of people’s lives potentially ruined?
I can’t stress this enough, the file was and likely still is being hosted on ebay very own servers, along with the other ‘security shield’, which is still being found on about me pages.
Uploaded with ImageShack.us