At the Technical Issues forum on ebaY there is a thread: Warning: Something’s Not Right Here! contains malware.

Here’s the pertinent text:

Never had this happen before, but I was looking at a list of listings for jackets and when I clicked on one of the auctions I got the below message. Now i’m paranoid

Warning: Something’s Not Right Here! contains malware. Your computer might catch a virus if you visit this site.Google has found malicious software may be installed onto your computer if you proceed. If you’ve visited this site in the past or you trust this site, it’s possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.We have already notified that we found malware on the site. For more about the problems found on, visit the Google…

(Followed by a long link of [snipped] gibberish text.)

Sure enough if you go to the link supplied there by the original poster, you’re met with a Reported Attack Site page. Click to enlarge, opens in new tab or window

ebay reported as attack site

This is hardly the first such warning for ebay. They’ve been showing malware, drive-by downloads, trojans and assorted exploits present on ebaY for a long time now at Google’s Safe Browsing page for At this very moment Google shows:

What is the current listing status for

This site is not currently listed as suspicious.

Part of this site was listed for suspicious activity 40 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 361401 pages we tested on the site over the past 90 days, 134 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-08-22, and the last time suspicious content was found on this site was on 2012-08-20.Malicious software includes 10 scripting exploit(s), 10 trojan(s).

Malicious software is hosted on 28 domain(s), including,,

37 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including,,

This site was hosted on 37 network(s) including AS11643 (EBAY), AS4436 (AS), AS20940 (AKAMAI).

I posted a short  video demonstrating this risk last fall. Since then there hasn’t been a single day that ebaY showed malware free.

Then there’s also the grandaddy of them all, the long uncorrected ID stealing xss flaw. Thirteen years now? roflmao!

Make no mistake, the risks along with the consequences are real. In short, if you even land on one wrong page at sleazebay, you’ll spend years cleaning up the mess.

Do you trust this outfit? How can anyone?

The only good reason to visit the ebay site is to close your account if you haven’t done so yet. Don’t forget, ebay’s stated policy is to blame the victims of fraud.


Readers here may want to see this

Not surprisingly, the cross scripting, xss,  and/or flash manipulation scam is alive and well on ebay, this time documented by a casual observer.  This has also been documented time and again by myself and others on Youtube BTW.

For those not aware, these ID stealing flaws, through careful research, have been shown to exist uncorrected on ebaY for as long as 11+ years now.

What’s even more alarming: you don’t need to actually sign in to any phake login page to have your credentials stolen, thanks to the cookie stealing variant of this hack.

Top that off with the fact that ebay’s own policy is to blame the user/victim.

Numerous comments at my youtube videos also indicate that victims are treated poorly and unprofessionally by ebaY’s customer service reps.

Important facts to consider when choosing online shopping or even surfing destinations.


Ebay scam redirect camper van

Uploaded by on Jun 8, 2011

hi, im not even a ebay member, but was looking at camper vans, if its to good to be true it probably is, dont be foolish and loose your details or money, thanks for watching. can you trust this site, i think not. thanks for watching. please remember if you do buy something like this you part with your money you will have no comeback, yes thats right, do your checks aa rac whatever, dont part with your money on the descriptions(important) alone on this site you could end up with a pile of poop. hpi only shows recorded accidents, not accidents repaired by other means, so get it checked. dont believe these lying scum.


Update: for whatever reason that video has been removed. Anyone wishing to see it can leave comment below and we shall make it available from the Mighty Cappnonymous Archives

Yet more cross scripting flaws discovered on PayPal site(s)…

From Softpedia, via

Two security researchers have independently identified cross-site scripting vulnerabilities in PayPal’s mobile and sandbox websites over the weekend, which could have been exploited in phishing attacks.

The XSS weakness on the website was discovered by a member of the Romanian Security Team (RST) outfit, who goes by the online nickname of Nemessis.

article continues…

One vulnerability is confirmed fixed.

Please take note who is researching and reporting, Romanian bashers…

This reminds me of another incident which happened a while back. Also, If you haven’t been paying attention, it’s been reported that several smartphones are vulnerable to MITM attacks

Meg Whitman ebaY Porn and Trust Fail

by Cappnonymous

Huge scandal and epic Meg fail which went on and on…

We sure would not want anyone to forget these events.

For best results, watch at youtube and/or expand to fullscreen. All the pertinent details and reference links are included in the video description area there.

As I mentioned in the last post I made here, I’ve uploaded a quick video proving the XSS, cross-scripting, ebayla bug, ebayla virus… javascript exploits by any name have persisted upon the ebaY site for over a full decade. Over 11 years.  Since before the term “XSS” was even born. Ebay has been aware of the issues that long.

Not only that, but they have reversed previous high-visibility public announcements of plans to control the use of active scripting content. In short they went back on their word and more-less buried the announcement thereof.

For best results view at youtube or expand to full screen. There is a complete url list of the pages seen in the video description area there.

I think the video says it all.

Do you trust this outfit with your financial and personal data?

Who could imagine?

The long uncorrected xss flaw rears it’s ugly head again!

Auctionbytes reporting that has again discovered listings with the malicious coding, this time with a virus twist.

The most important and telling quote of the article:

“They used javascript and java to address a known vulnerability; user’s computers were affected by just viewing the respective listings,”

See that part about “…just viewing the respective listings…” ?

That is one of the main reasons I advocate avoiding ebaY at all costs. Another is that they BLAME the USER for their own failures! Furthermore, they refuse to correct the flaw! Make no mistake, ebaY is a dangerous, untrustworthy, and dishonest website. Of that there is proof beyond the slightest shadow of a doubt!

ebaY is HACKED! Yes! ebaY is still HACKED!!!

Here is the report, with screencapture images, in English at falle-internet

My research indicates this issue has been onging at ebaY for about 10 full years now. Perhaps not under the same name, but indeed cross-scripting has been exploited on ebaY since before it even had that name. Ebay has been aware of the issue for that long also.  Since looooong before the US-CERT warning was posted. Bear in mind there are many variants of this exploit possible to use. It’s been used also for the redirects, and for cookie-stealing etc. The possibilities are only limited by the hacker’s imagination and ebay’s steadfast refusal to secure it’s festered site

I’ll be posting another video demonstrating the +/- 10 year longevity of the xss flaw on ebaY before long at the Cappnonymous channel

Very interesting read. Points to ebay lack of due diligence to protect users & visitors to the site, and Phishing/organized crime links. Follow links, read comments, leads to live xss listing on video, and the possibility that a DDoS attack could be launched “on* *eBay’s* *own* *servers”, using malicious coding which ebay allows in all listings

read more