Members Login
Username 
 
Password 
    Remember Me  
Post Info TOPIC: Trojans, Malware and Exploits on ebay and ebay forums


Top Poster

Status: Offline
Posts: 1446
Date:
Trojans, Malware and Exploits on ebay and ebay forums


Please use this thread to help document this problem. All one must do to be sure that ebay is an unsafe and dangerous website is to GOOGLE it.

Here are just a few of many, many examples.

Mutant of Feebs Trojan uses elaborate eBay fraud

Beware of Trojan Horses!

Downloader-AAP.c

AntiVir Virus Descriptions

I could go on and on and on, but why? The facts clearly show you are at risk just visting the site. I wont even bother mentioning the cross scripting error (oops, maybe I will :^) )which is still unresolved. (The one which allows redirects to fake/phishing sign in pages, still rampant on ebay)

Please be sure to secure your computers. Also, if anyone gets a warning or infection, make screenshots, save reports/logfiles etc, and post them in order to help protect unsuspecting consumers.



-- Edited by anonymous at 21:38, 2007-02-28

__________________
CAPP Consumers Against PayPal Policies - Exposing the sleazery of sleazebay and painpal


Top Poster

Status: Offline
Posts: 1446
Date:
RE: Trojans and malware on ebay


(bolding by poster)

Active Exploitation of Cross-site Scripting Vulnerability in eBay.com
added April 3, 2006 | updated April 13, 2006


US-CERT is aware of an active exploitation of a cross-site scripting vulnerability in the eBay website. Successful exploitation may allow an attacker to take various actions, including the following:

* Obtain sensitive data from stored cookies
* Redirect auction viewers to phishing sites where further disclosure of login credentials or personal information can occur
* Create auctions that use script to place login areas on the eBay website, where credentials may be sent to a remote server with malicious intent

More information about the reported vulnerability can be found in the following:

* CERT Advisory: CA-2000-02 - Malicious HTML Tags Embedded in Client Web Requests
* Vulnerability Note: VU#808921 - eBay contains a cross-site scripting vulnerability

Until a practical solution or more information becomes available, US-CERT recommends the following:

* Disable Scripting as specified in the Securing Your Web Browser document and the Malicious Web Scripts FAQ.
* Add "ebay.com" to the Restricted Sites zone in Internet Explorer.
* Validate web site addresses as described in the eBay Spoof Email Tutorial and Cyber Security Tip ST04-014.
* Validate web site certificates as described in Cyber Security Tip ST05-010.


We will continue to update current activity as more information becomes available.

-- Edited by anonymous at 12:07, 2006-07-28

__________________
CAPP Consumers Against PayPal Policies - Exposing the sleazery of sleazebay and painpal


Top Poster

Status: Offline
Posts: 1446
Date:
RE: Trojans and malware on ebay and ebay forums


This just post by a very concerned and knowledgable poster at the PayPal board.

(Thanks, specialforcesrus)


Jul-28-06 09:00 PDT 15 of 15


Maybe some NEW issues have come up since these were posted:

Possible Security Issues In LiveWorld Products
http://www.gulftech.org/?node=research&article_id=00044-08232004

LiveWorld Products Allow Remote Users to Conduct Cross-Site Scripting Attacks

Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the LiveWorld software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
http://www.securitytracker.com/alerts/2004/Aug/1011036.html


LiveWorld has an unsatisfactory BBB rating
http://www.bbbsilicon.org/commonreport.html?bid=218756






__________________
CAPP Consumers Against PayPal Policies - Exposing the sleazery of sleazebay and painpal


Going for the Medal!

Status: Offline
Posts: 52
Date:

I've read on the Paypal board that several of you are having problems with viruses when reading the board, you say that your monitors shut off. Do you by any chance have HP monitors, specifially the HP Pavilion F1703 model ? If so, and it was produced before a certain date, there is a problem with the monitor. I had one of the eariler ones that kept doing this, eventually it would not come on at all. A component in the monitor was faulty and had to be replaced. If you go to www.dell.com and input the monitor number you will see this problem described.


I have to say though, their CS is 10 time worse than Paypals and I had to call them four times, each time on the phone for over an hour, before they would recognise my problem and send me a new monitor.


I read the Paypal site and the Trust and Safety site on Ebay ever day, and have never had anything pop up saying I have a virus. I also read PP Sux website daily and, despite what people are saying over there, have also never had "my computer light up like a christmas tree".


I think some people just do not know how to run their computers properly and have these problems become non existant.



__________________


Top Poster

Status: Offline
Posts: 1446
Date:

I agree.

Even though there is and has been undeniable proof that of tracking cookies and even virus of various types, redirected spoof sign-in pages etc, exist or have existed on ebay, I have yet to see any trojan warnings at the ebay forums.

I also have yet to see any warnings at any of the so called anti sites. Just the same I always disallow scripts at all sites unless and until needed, and do not click any links without knowing what they are.

I find it curious that no one will come forward with a screenshot and a report/logfile to support their claims, regardless of the posters POV, or the site in question.

For the poster with the monitor turning off, the odds are that it is an internal thermally intermittant problem, a problem with a cable and/or connection, a failing cRapacitor, truly too many variables apply to that scenario. Modern electronics have a certain amount of planned obsolescence due to cheaper design and manufacturing techniques.

I would hope that any asked to provide screenshots and logfiles would realize that this would be of more importance than any dislike of PayPal, ebay, or personal disagreements with various other posters regardless of their POV.

Again, if anyone making any claims about any site needs to back up those claims with evidence.





__________________
CAPP Consumers Against PayPal Policies - Exposing the sleazery of sleazebay and painpal


Top Poster

Status: Offline
Posts: 1069
Date:

If you're on the PP board, can liveworld try to bombard your computer?  Only when I'm there does my firewall explodes into action.  About ever 30 seconds, something is trying to hook up to my computer but it doesn't start  until I've been there for awhile.  Sometimes what is trying to gain access is the same over and over, but alot of them are different, and through different ports.  I don't know why.


  



__________________
Feel your way 


Top Poster

Status: Offline
Posts: 1446
Date:

You need to read the logfile of the firewall. It will tell you details.
If you use Internet Explorer you are also at higher risk.

-- Edited by anonymous at 19:52, 2006-07-30

__________________
CAPP Consumers Against PayPal Policies - Exposing the sleazery of sleazebay and painpal


Top Poster

Status: Offline
Posts: 1069
Date:

Ok, I'll check. and I do use Internet Explorer. Thanks.  Catch you later.

__________________
Feel your way 


Top Poster

Status: Offline
Posts: 1446
Date:

Hmmm, I just now saw this Ice.


ice*blue*eyes (0 ) View Listings | Report Jul-28-06 14:46 PDT 37 of 87
In fact here you go.
C:\System Volume Information\_restore(F2681A7D-91E5-401A-AC8B-015335799DCO)\RP376\A0032040.exeDType99
File A0032040.exe W32/Threat-Trojan-Bloop-Based! maximu:

Only here. No place else!! Whats it all mean MIKE? And why does it only happen here?

If that happens again, while the alert is still on your screen, make a screenshot by pushing the "PrtSc" key, then open your standard paint program, select "edit", then "paste". Save, and post it here, along with the logfile report. (what program is detecting this, BTW?)

You may want to read this too.

__________________
CAPP Consumers Against PayPal Policies - Exposing the sleazery of sleazebay and painpal


Top Poster

Status: Offline
Posts: 1069
Date:

K, Thanks.

__________________
Feel your way 


Top Poster

Status: Offline
Posts: 1446
Date:

IceBlueEyes wrote:

K, Thanks.

Yes Ice, be sure to get a screencap of anything like that, regardless of where ever it is, meaning either here, there, or at the other pp related site.

I see someone else posted this:
leng****** (2** ) View Listings | Report Jul-28-06 12:51 PDT 29 of 87
In my case they were the following: jkhhhed.dll found on \windows\system32 is goes on to say Trojanhorsedownloader.generic2.dcc
The other that I have info on was Ao134460.dll found in systemvolumeinformation\_restore{ABBB90EE-BBE1-4BC and called trojanhorsedownloader.generic2.dcc
and the other was servicehosts.exe found in windows\system32\ and the name was trojanhorseIRC/backdoor.sdbot2.ARI

A little googling about that one shows it is a recent vintage also. Not sure how it could be tied to ebay, but I believe the same poster reported that he/she had a tech clean it, and that was the Techs report.

-- Edited by anonymous at 19:15, 2006-07-31

__________________
CAPP Consumers Against PayPal Policies - Exposing the sleazery of sleazebay and painpal


Going for the Medal!

Status: Offline
Posts: 52
Date:

I take back what I said about the Paypal Sux website. I've just read my log from Nortons and, as someone over there said, if I had my alerts turned on so that every one popped up for me to see, my computer would have lit up like a christmas tree, unbelievable. Thank God for Anti Spyware.


Have a good weekend all and try not to get banned from posting on the Paypal board.



__________________


Top Poster

Status: Offline
Posts: 1446
Date:

virusesrus wrote:

I take back what I said about the Paypal Sux website. I've just read my log from Nortons and, as someone over there said, if I had my alerts turned on so that every one popped up for me to see, my computer would have lit up like a christmas tree, unbelievable. Thank God for Anti Spyware.


Have a good weekend all and try not to get banned from posting on the Paypal board.



If that is true, please post a screenshot and a logfile/report. Use the PrtSc key, then open your standard paint, select edit, then paste. Save as, etc.

__________________
CAPP Consumers Against PayPal Policies - Exposing the sleazery of sleazebay and painpal


Going for the Medal!

Status: Offline
Posts: 52
Date:

I tried the Prtscrn and then copy/paste, but for some reason this does not work on my computer / keyboard.

__________________


Top Poster

Status: Offline
Posts: 1446
Date:

virusesrus wrote:

I tried the Prtscrn and then copy/paste, but for some reason this does not work on my computer / keyboard.

If you cannot post evidence, then you cannot be believed.

If the site in question did indeed have virus, spyware etc, it would have been a reported fact by now.

Can you provide even one single bonafide independant report of an occurance of malware originating from, or associated with the site? Perhaps from a anti-virus software firm for instance something like this or even this?

I doubt you can.

__________________
CAPP Consumers Against PayPal Policies - Exposing the sleazery of sleazebay and painpal


Going for the Medal!

Status: Offline
Posts: 52
Date:

Even if I could you wouldn't believe me, you'd just say I doctored the screen.


I used to do a copy screen of my selling activity on the PP board ( minus my ID of course ) and was always told that I had doctored it, so really, there is no point doing anything like that because I am always going to be wrong and you are always going to be right.


That's why this board is so one sided.



__________________


Senior Member

Status: Offline
Posts: 417
Date:

That has got to be one of the sorriest excuses i've ever heard of.

The reason this board is "one sided" is because your cronies are too frightened to post here. They don't want to leave the safety of a board that is rife with censorship. Get a clue moron.

__________________


Going for the Medal!

Status: Offline
Posts: 52
Date:

have you been banned from posting over there yet Capt Caveman ?


Shouldn't be long now.



__________________


Top Poster

Status: Offline
Posts: 1069
Date:

And yet they lurk here all the time.  If fact one of them responds over there to what I say about her here, reiterating what I say here, then swears she never comes here. 


Hey virus, What makes you think they are gunning for Caveman?  Are you their spy?



__________________
Feel your way 


Senior Member

Status: Offline
Posts: 417
Date:

Keep trying there virus.

Your really starting to bore me though.

Whats with the Capt? Do you think I'm janeway?

You are the biggest d!psh!t I've ever seen. If you ever really used that pea brain of yours you'd realize I only post with one ID everywhere instead of being a frightened baby like you.

Only dantard could be this stupid.


__________________


Top Poster

Status: Offline
Posts: 1446
Date:

virusesrus wrote:

Even if I could you wouldn't believe me, you'd just say I doctored the screen.


I used to do a copy screen of my selling activity on the PP board ( minus my ID of course ) and was always told that I had doctored it, so really, there is no point doing anything like that because I am always going to be wrong and you are always going to be right.


That's why this board is so one sided.




Produce even one bonafide independant report of such.. If you cannot, then the threshhold is a screenshot AND a logfile. Produce both, so that the conditions and the results can be duplicated by others, and verified by independant observers.

Even though we all believe you are not clever enough to make a screenshot, let alone doctor one up, at the same time, I already know for a fact you cannot produce them regardless. You, and anyone else making the claim are simply being deliberaterly untruthful, and if there were a shred of proof, it would be common knowledge by now. (you know, like it is common knowledge that PayPal sucks and so does sleazebay)



__________________
CAPP Consumers Against PayPal Policies - Exposing the sleazery of sleazebay and painpal


Top Poster

Status: Offline
Posts: 1446
Date:

Just bumping this so that no one forgets all the reasons why it is dangerous to use ebay, and to ponder;

Why is ebay not on "the blacklist"?


HRRRRRRMMMMMPPPPPPHHHHHH!!!

Note that the cross scripting exploit has been posted about numerous times. All mentions of it on the sleazebay boards have always been pulled.


__________________
CAPP Consumers Against PayPal Policies - Exposing the sleazery of sleazebay and painpal


Top Poster

Status: Offline
Posts: 1069
Date:

Check your cookies after logging on to e-bay.  They do more spying than the CIA.  Is there any level they DON'T suck on?


__________________
Feel your way 


Top Poster

Status: Offline
Posts: 1069
Date:
RE: Trojans, Malware and Exploits on ebay and ebay forums


What is the best defense against e-bay Trojans?


__________________
Feel your way 


Top Poster

Status: Offline
Posts: 1446
Date:

best defense against ebay trojans?



__________________
CAPP Consumers Against PayPal Policies - Exposing the sleazery of sleazebay and painpal


Senior Member

Status: Offline
Posts: 202
Date:

"best defense against ebay trojans?"

Don't use ebay.

__________________


Top Poster

Status: Offline
Posts: 1446
Date:

284dan wrote:

"best defense against ebay trojans?"

Don't use ebay.


Good Call!

IT dont get much more simple than that.


 



__________________
CAPP Consumers Against PayPal Policies - Exposing the sleazery of sleazebay and painpal


Top Poster

Status: Offline
Posts: 1446
Date:

Trojans and Hackers and Scammers! Oh My!!!

__________________
CAPP Consumers Against PayPal Policies - Exposing the sleazery of sleazebay and painpal


Senior Member

Status: Offline
Posts: 134
Date:

that place has been infected for a long time, you know that

__________________


Top Poster

Status: Offline
Posts: 1069
Date:

My anti virus lights up like a Christmas tree when I go to e-bay, and TONS of spyware.   Thanks e-bay.  And have we thanked you lately for Screw-up Slandy? 



__________________
Feel your way 
Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse
Powered by ActiveBoard