Account hijackings at eBay that may be related to a security flaw on the eBay site.The hijackers are using a redirected page on the eBay site to phish account info.
At least 429 listings from multiple sellers altered/hacked. The hijackers only change to the listings is adding an email address with a message to contact seller via email.
Quote:The sellers all had their accounts stolen with this question,
Q: Hello, My name is Ace Schmidt. I just saw this item of yours and I remember seeing the same item two days ago, take a look:
Code:
http://search.shipping.ebay.com/?fcid=1&fpos=90210&vlm=1&requesturl= http%3A%2F%2Fsearch-completed.ebay.mydyn.net/ws/eBayISAPI.dll.php?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=0&save=Save
Please note the URL
The scammer is routing through ebay's servers and having ebay send the victims to his scam login page.
The scammer's url comes after the (requesturl) in the above URL
PLEASE DO NOT CLICK ON THE LINK IF YOU ARE NOT SURE WHAT YOU ARE DOING!
Quote:Massive, worldwide, multiple user hijacks 
just*abby (0 ) View Listings | Report Feb-17-07 18:26 PST
Hi
Im after a bit of help and support for the UK boards.
Its hearly 2.30am here, and a massive global multi-hijack scam has been discovered.
Search for the words "Dont forget to include the item number in your message" in worldwide listings and you'll find the problem
http://forums.ebay.com/db2/thread.jspa?t...1000442423&start=0
http://forums.ebay.co.uk/thread.jspa?thr...1200089939&start=0
Quote:Please note the URL
The scammer is routing through ebay's servers and having ebay send the victims to his scam login page.
Phishers did the same thing using a redirected page on eBay Motors last October. :
The Auction Guild, February 1, 2007
http://www.auctionguild.com/generic148.html
Cons In Control of ebaY
Those of us who have watched ebaY from a users perspective, for many years, have seen an every increasing ability for scammers to manipulate the site. In the last year, this access has gone from being outside manipulation of flaws and stolen personal information, to complete inside control.
These are the facts:
Every day thousands of listings from China selling brand name counterfeit goods are listed using hijacked accounts. These are usually 1 day listings, the accounts used fit a standard profile and are often accessed in alphabetical order. These listings are for brand name clothing, DVDs, sunglasses, and expand into other categories regularly. The scammer does not need a password to access these accounts.
ebaY Motors has ever increasing fraudulent listings. There are redirects from ebaY search results, manipulation of information in valid running listings, and ever more sophisticated cons, in addition to the all American fraud, found in some used car salesmen, that has been a caricature in our society since the advent of the automobile.
There is a brilliant hacker/codewriter who uses the moniker Vladuz, who makes ebaY his specialty. He has been writing ebaY hacks since 2003, as far as we can trace. This individual recently sent us a link to his latest hack, a tool that he posted on Firefox's plug ins. There have been several screen shots of ebaY's control utilities database posted on the net, on ebaY and off, all with a visible Vladuz watermark on the pages. Vladuz made the posts on ebaY, as far as TAG can tell.
ebaY knows about this problem, and has been removing any threads that appear on their site about it. They just removed a long running thread on ebaY DE, one on which Vladuz has posted on under various guises, including hacked ebaY pink accounts. At the end of December, TAG contacted ebaY through their Trust and Safety live support, and specifically told them what was going on. ebaY cannot say they did not know.
Here is what we have theorized based on all we have seen, and the facts we have:
Vladuz appears to have written a program that gives the scammers complete access to what we are calling ebaY's back end. This back end is the control utilities database used by ebaY, to track everything on their site, that contains all information about ebaY employees and its users. The following images are samples of what Vladuz has made available to the scammer marketplace.
The scammers who have purchased, or otherwise acquired the Vladuz access programs, appear to be able to manipulate the account information of every registered user ID on ebaY. They can monitor in real time what is happening in an account, read email sent through ebaY's system and respond to it through ebaY's system, change any parameter in the user ID account, so, for example, they can receive the PayPal payments the legitimate account holder would have otherwise received. They can add or remove information on a currently running listing without the legitimate account holder knowing it, and conduct business as they please; using all the hijacked accounts they please. No password access is needed. In the article ebay Insider Hijack Scam? we theorized that this was being done by an ebaY insider, as that was the only thing that could explain what we were observing. What we did not realize, and what even TAG found hard to believe, was that the scammers now had insider access, not by working for ebaY, but by using the program built by Vladuz.
The Auction Guild, December 16, 2006-January 4, 2007
In trying to analyze what was going on, it appeared that the hijacker or hijackers had to have access to accounts independent of passwords, and have the ability to set account parameters so the legit account holder would not know what was going on. If this is so, it either points to someone working inside ebaY, or to a security hole so big, you can drive a tractor trailer through it. Neither situation is tolerable.
whole article: ebaY Insider Hijack Scam?
http://www.auctionguild.com/generic146.html
dimucci, ty for the article!
This is totally.........I can't find words.
All owners of hijacked accounts should be aware that ebay is aware of this situation and can therefore be held liable.
Quote:All owners of hijacked accounts should be aware that ebay is aware of this situation
Mass panic would ensue after Ebay made the announcement.
more from TheRegister:
Quote:A hacker has once again managed to pilfer eBay credentials that allow him to masquerade as an official company representative even as he taunts eBay officials on the company's message boards. It's at least the second time the person going by the name Vladuz has pulled off the prank, which is causing many users to question the adequacy of eBay security...
A [eBay]spokesman said he was unsure if the hacker has access to the company's intranet, but said even if he does, he wouldn't be able to acquire much more than employee phone numbers and employee news. Just two days ago, eBay officials said they had quashed Vladuz's access to employee parts of the network, a claim the spokesman says now appears to be incorrect.
full article:
http://www.theregister.co.uk/2007/02/23/...kes_again/
EDIT: Some morons are actually cheering the hacker's crimes. The criminals at the CAPP forum (a cyberstalker infested pit) have taken time out from their daily routine of stalking eBayers and committing auction interference to cheer the hacker in his cyberterror campaign of identity theft and fraud.
You left out the words 'low IQ' and 'braindead'.
Ebay. 