By Mark Whitehorn. Published Friday 25th May 2007 22:38 GMT
There I was, on Monday night, scanning eBay for car bits. This is not a problem. I have this under complete control. I can give up buying worn out parts and rusty bits of bodywork at any time. Really.
Anyway, I spotted a real bargain, a 2007 Bentley Continental for 0.01 GBP. Since these usually retail for something in the region of £135,000 I felt that this represented a considerable saving.
Unusually for the vendor of such a prestigious vehicle, the lister had decided to post an image of a young lady in place of the car itself. I reasoned that perhaps this was his daughter and the picture was meant to show that his family also loved the car.
Screenshot showing the Bentley advert.
True, my theory didn't entirely explain why she was naked to the waist, but I clicked on the link anyway, hoping to acquire a bargain.
Several screens flashed before my eyes (unnervingly like my life going past) and then good old IE7 told me that I was about to be phished. It was quite correct, I was very phished (or, as we say in the UK, phished off). How come I could be browsing eBay one moment and phished the next?
My journalistic instincts were, inevitably, hooked and I decided to investigate but first, I reported the incident to eBay to try to ensure that other poor fish were not landed in the same way. The time was 21:54.
The first step was to try to isolate the problem: was it my machine or eBay? I emailed one of my long-suffering Reg. Developer editors (David Norfolk) who, despite the time, obligingly tried the same listing and got the same result. So, it could be malicious code on the PC, but both David and I would have to be infected in the same way; possible, but unlikely.
By repeatedly pressing PrtScr I managed to obtain a screenshot of the listing itself as it flashed past.
Screenshot showing the listing itself.
For those without a microscope, the bottom of the screen reads as:
Screenshot showing detail from Figure 3.
We've blanked the identity of the seller because it is highly likely that he/she is innocent and the account was hijacked (see the response from eBay below).
Question - How do you hijack an eBay account in order to go phishing?
Answer - By phishing.
(Dictionary definition of recursion - see recursion.)
A little more investigation showed that the listings weren't just aimed at potential Bentley owners.
Screenshot showing more dud adverts.
At about 00:15 Tuesday morning the listings finally disappeared.
Naturally, we were keen to find out what had happened: we had some evidence, including the source code of the original page, so we contacted eBay. The company's response was interesting. We first contacted it on Tuesday and, despite repeated requests, found it very difficult to get any hard information.
Eventually, on Friday afternoon, as we were going to press, we received the following:
"In this particular case, a genuine user's eBay account was taken over by fraudsters who attempted to use it to post fraudulent listings. eBay's systems identified the fraudulent listing and eBay's customer support team moved quickly to remove it from the site and restore the account to its rightful owner. eBay takes any threat to the security of its users extremely seriously and we also work closely with ISPs and law enforcement to bring down the spoof websites we identify."
It would appear that this statement corroborates what we observed; nevertheless it is worth examining the statement in detail.
For a start, whilst it is true to say "fraudsters who attempted ... to post fraudulent listings", more information is conveyed by the equally true statement "fraudsters who succeeded ... in posting fraudulent listings".
Secondly, there is no information here about the eBay systems that identified the fraudulent listing. Is it simply the feedback from users or are there also algorithmic systems that prowl the system looking for naughtiness?
Let's assume for a minute that eBay does have effective internal systems for detecting fraudulent listings. In that case it would be far, far better for the users of eBay if these ran proactively, before the listing was posted. If, on the other hand, eBay doesn't have such systems and relies on user feedback to identify fraudulent listings, the implication is that we can expect fraudulent listings to be up for an unknown period of time before removal. As a user of eBay, are you happy about this? I'm not.
Thirdly, it took eBay at least two hours to respond to this after it was reported. Do you consider this to be moving quickly?
As we were trying to find out exactly what had happened, an apparently related incident was also brewing.
The bottom line is that the evidence we have seen suggests that it may be possible for users to post listings on eBay that redirect off the site.
It ought to go without saying, but we'll do it anyway. Be careful out there.
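The article's central point is that seller-supplied listing HTML was able to bounce visitors off the site to a phishing page, and that a proactive check before publication would have been better than waiting for user reports. The following is an added example, not eBay's code or anything from the original article: a small pre-publication scanner that flags the common off-site redirect vectors in user-supplied HTML (meta refresh, location assignments in inline script, off-site script/frame/form targets and inline event handlers). The trusted host names and both sample listings are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the marketplace treats as its own (constructed placeholder names).
TRUSTED_HOSTS = {"example-marketplace.test", "www.example-marketplace.test"}

# Script fragments that navigate the browser away from the current page.
REDIRECT_JS = re.compile(
    r"(?:window|document|self|top|parent)?\.?location(?:\.href|\.replace\(|\.assign\(|\s*=)",
    re.IGNORECASE,
)


def _offsite(url):
    """True when url names a host outside TRUSTED_HOSTS (relative URLs are on-site)."""
    host = urlparse(url.strip()).hostname
    return bool(host) and host.lower() not in TRUSTED_HOSTS


class RedirectScanner(HTMLParser):
    """Collects (kind, detail) findings for anything that could redirect a visitor."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.append(("meta-refresh", a.get("content", "")))
        if tag == "script":
            self._in_script = True  # HTMLParser hands script bodies to handle_data
            if a.get("src") and _offsite(a["src"]):
                self.findings.append(("offsite-script", a["src"]))
        if tag == "form" and _offsite(a.get("action", "")):
            self.findings.append(("offsite-form", a["action"]))
        if tag in ("iframe", "frame") and _offsite(a.get("src", "")):
            self.findings.append(("offsite-frame", a["src"]))
        for k, v in a.items():
            # on* handlers and javascript: URLs are script in disguise.
            if k.startswith("on") or v.lower().lstrip().startswith("javascript:"):
                self.findings.append(("inline-script", f"{k}={v}"))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and REDIRECT_JS.search(data):
            self.findings.append(("js-redirect", data.strip()[:80]))


def scan_listing(html):
    """Return the list of findings for one listing; an empty list means nothing flagged."""
    parser = RedirectScanner()
    parser.feed(html)
    parser.close()
    return parser.findings


def redirect_kinds(html):
    """Just the finding kinds, in document order; handy for policy decisions and tests."""
    return [kind for kind, _ in scan_listing(html)]


# Constructed sample listings: one benign, one carrying two redirect vectors.
SAFE_LISTING = """<div class="item"><h1>2007 Bentley Continental</h1>
<p>Low mileage, full history.</p>
<img src="https://www.example-marketplace.test/img/car.jpg"></div>"""

SUSPECT_LISTING = """<div class="item"><h1>2007 Bentley Continental, 0.01 GBP</h1>
<meta http-equiv="refresh" content="0;url=http://not-the-marketplace.test/login">
<script>window.location.href = "http://not-the-marketplace.test/login";</script>
</div>"""

if __name__ == "__main__":
    for name, html in (("safe", SAFE_LISTING), ("suspect", SUSPECT_LISTING)):
        print(name, scan_listing(html))
```

A check like this belongs in the listing submission path, so that a listing with any finding is held for review rather than published and left for buyers to report. It is deliberately coarse: it does not try to decide whether a redirect is malicious, only that the listing contains something capable of navigating the visitor elsewhere, which is a decision a marketplace can make before the page ever goes live.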
Speaking of Skeeter, his porn addiction is why I got banned for life at eBay. During my 30 day vacation, where I stayed away from the boards, I had emailed Eric @ Paypal and inquired about Skeeter's porn site. I showed all the evidence etc... I never got a reply from Eric but two days after I emailed him, I got an email stating I was banned for life from the boards.
Bringing up the porn thing on the boards is why I originally got banned. Once I brought that up, the PS's started rolling in and Clinic came here (as Virus) informing me my days there were numbered. I sure touched a nerve.
uh... didn't I just read something right here on CAPP recently about the Pro-Paypal bored trolls using some sort of porn-related IPs or proxies to post with?
What a bunch of sleazeballs they really are, eh?
...And all those times they had the audacity to dare call this fine board "vulgar".
HRRRRMMMPPPHHHHH!!!!
As far as I know, we have not had any news coverage about porn on CAPP. Meanwhile, everywhere you turn these days there is something about eBay and porn, all the way down to IT's most viral supporter's vocations and pastimes.
BTW, plenty of people have now viewed the "hookers XXS redirect" videos, and the counts are getting bigger and bigger every day, along with the "ebay is hacked the hookers attack" vid on YouTube.
Moving on, looking at some of the postings by that person over there, it sure seems plain rude, false, and very often just downright * creepy.
BTW Dan, maybe you should open a blog and post the facts for the world to see (or make a video and post it to YouTube).
So they are a little touchy about their e-porn sites, huh? In that case we should devote a thread to eBay Erotica. I wonder which porn site is Meg's. You know if there is a buck to be made, Meg will be there, standing next to a Bentley.
It would not surprise me to see some of those porn sites get hacked to the ground, and their databases plundered for users' info, credit card numbers etc.
Now wouldn't that be funny?
Oh, and Ice, BTW, some of those "hookers" in the listings were standing next to Ford Pintos or Ford Fairlanes or something. They were advertised with Honda CRX and all kinds of less expensive, non-glamorous cars.
Looks like someone took a really big one in the sphincter alrighty, IT was eBay. OMG!!! eBay Motors was sooo full of hacked listings today IT was not funny. Got TONNES on video. Keep watching!!!!
Looks like other folks all got an eyeful too, in various places, not only on the eBay boards, but all over the place.
Of course, the porn is ONE thing, the redirect is QUITE another. That redirect can be put in ANY listing.
I wonder if the hackers realize that? Because they could really, really clean up by changing their tactics just a tad on that site, with that hole.
Not only is eBay Motors under mass attack, the entire site is FULL of hacked listings right now. Hilarious! On the heels of some phoney baloney press releases about quelling fraud, revamping site etc. Bwhahahahaha!!!