TulipTools Internet Business Owners and Online Sellers Community

Full Version: Viral Porn Trojan Horses (VPTH) set loose on eBay website by Fraudsters
From Channel Advisor CEO Scott Wingo's blog:

Quote:A new tactic (which we have dubbed VPTH) has hit eBay hard the last couple of days.  Unfortunately it's a really clever way to get lots of eBay uids/passwords AND it's very viral so it appears to be growing at an exponential rate.  

Here's how the bad guys do it:

1. They use normal Phishing techniques to get an ebayer's uid/pwd (preferably a seller with some good feedback).

2. They post tons of malicious listings to popular categories.  In the listings they:

    * Use something like porn imagery to draw heavy click-through to the listing
    * Turn on every eBay bonus feature you can imagine: bold, highlight, gallery plus, featured plus, etc. (hey they aren't paying so why not?!)
    * Lots of times these are 1 day auctions so they are indexed quickly and TnS doesn't have much time to a) find and b) react.
    * Now here's the trick - they put in the listing some malicious javascript that redirects anyone that clicks on the listing to a page at badguy.com that is 100% identical to an eBay login page and it says: "To view this item you must login".

3. Now the bad guys have tons of BUYER userids and logins, which they then use to get into paypal accounts, launch more auctions and cause general mayhem.

4. Some of these are so clever you can't find which listing is doing it.  They'll post a porn listing and then 10 regular ones all with the javascript in there.  A seller saw one yesterday that seemed to infect every listing in the category - it somehow was changing the search results pages around.

full article and screenshots: http://ebaystrategies.blogs.com/ebay_str...raud_.html
Protect your top sellers!

What's the deal with this article?  Why am *I* less important to protect than *top sellers* ??
That statement is offensive...  >Sad
Quote:Solution: let's switch to a "white list filter", instead of trying to find out what the bad javascript looks like, let's create a list of "good guy javascript".  Round up the CSPs (we're standing by) and we'll submit our javascript to you. Add this to a list of accepted javascript.  Then only allow javascript that is a) from that CSP and b) matches 100% the white list.  REJECT ALL OTHER JAVASCRIPT.

His solution: only allow javascript from eBay Certified Solutions Providers like Channel Advisor ... :Smile  Here is the complete list - under 40 of the thousands of eBay developer program members are CSPs. :Smile

http://developer.ebay.com/programs/certi...r/catalog/