New eBay fraud tactic: Viral Porn Trojan Horses (VPTH)
A new tactic (which we have dubbed VPTH) has hit eBay hard over the last couple of days. Unfortunately it's a really clever way to get lots of eBay uids/passwords AND it's very viral, so it appears to be growing at an exponential rate.
Here's how the bad guys do it:
1. They use normal phishing techniques to get an eBayer's uid/pwd (preferably a seller with some good feedback).
2. They post tons of malicious listings in popular categories. In the listings they:
- Use something like porn imagery to draw heavy click-through to the listing
- Turn on every eBay bonus feature you can imagine: bold, highlight, gallery plus, featured plus, etc. (hey, they aren't paying, so why not?!)
- Lots of times these are 1-day auctions, so they are indexed quickly and TnS (Trust and Safety) doesn't have much time to a) find them and b) react.
- Now here's the trick: they put in the listing some malicious JavaScript that redirects anyone who clicks on the listing to a page at badguy.com that is 100% identical to an eBay login page and says: "To view this item you must login".
3. Now the bad guys have tons of BUYER user IDs and logins, which they then use to get into PayPal accounts, launch more auctions and cause general mayhem.
4. Some of these are so clever you can't find which listing is doing it. They'll post a porn listing and then 10 regular ones, all with the JavaScript in them. A seller saw one yesterday that seemed to infect every listing in the category; it was somehow changing the search results pages around.
Over the last two weeks this scheme has been happening more and more frequently. Yesterday the entire shoe category was full of these things.
Here's a real-world example from yesterday (screenshot; the black boxes are mine, as this is a family-oriented blog):
If you saw this and clicked on the first listing, then entered your user ID and password, you could say goodbye to your eBay identity and potentially your PayPal account; plus your account would be harvested for emails and you would be on every spammer's list very quickly. Most likely your password would be immediately changed (I'm sure they have spiders for this) and your account added to the hijacked list; then more listings would be introduced from your account (this is where the geometrical progression/viral part of the scheme comes in).
Buyer and seller tips to avoid this scheme:
1. Never ever ever click on a link in an email.
2. Whenever you do log in to eBay, make 100% sure to look at the URL and make 100% sure you are at ebay.com (the front part; one trick these guys use is to make the URL so long that it's truncated in the address field, so you see the back end and miss the badguy.cz part).
3. eBay's advice would be to use the eBay toolbar; I'm not sure that would help in this particular situation, and there isn't big penetration of the eBay toolbar.
4. Sellers: use something like this with your employees; it will catch these bad logins and keep your login info more secure: http://www.roboform.com/pass2go.html
5. Finally (and I know this is a tough one), if you see some porn in a category that doesn't seem to make sense, I'd recommend fighting the urge to click on it. ;-)
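An added illustration of tip 2 (example code, not from the original post): the only thing that decides where a sign-in form really lives is the host component of the URL, so a checker parses that out and ignores everything else. The trusted domain list and the sample URLs, including the padded one, are constructed.

```python
from urllib.parse import urlsplit

# Assumed list of legitimate sign-in domains (constructed for this example).
TRUSTED_DOMAINS = ("ebay.com", "paypal.com")


def login_host_is_trusted(url: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True only when the URL's real host is a trusted domain or a subdomain of one.

    Only the host component counts. The path and query (the tail of a long URL,
    which is what a truncated address bar tends to show) and anything placed in
    front of the real registered domain are ignored.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False
    return any(host == d or host.endswith("." + d) for d in trusted)


def classify(url: str) -> str:
    """Verdict string for a sign-in URL."""
    return "ok" if login_host_is_trusted(url) else "NOT an eBay/PayPal host"


# Constructed samples: a genuine-looking sign-in URL, the padding trick from tip 2
# (ebay.com appears only in the part that survives truncation), and a look-alike host.
SAMPLES = [
    "https://signin.ebay.com/ws/signin",
    "http://badguy.cz/" + "a" * 300 + "/signin.ebay.com/ws/signin",
    "http://ebay.com.badguy.cz/ws/signin",
]

if __name__ == "__main__":
    for u in SAMPLES:
        shown = u if len(u) <= 60 else u[:28] + "..." + u[-28:]
        print(f"{classify(u):24} {shown}")
```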
Trust and Safety at eBay, we implore you:
0. You guys have a tough job; these bad guys are really targeting eBay heavily and we feel your pain. But eBay just makes it too easy for this to happen. Let's raise the bar much, much higher!
1. eBay must immediately stop the practice of having any links in any eBay emails. The pay now button, the yellow button, outbid notices, payment reminders, feedback reminders: all of these emails have clickable links, and the phishers are insanely good at faking these messages. I'm sure folks in marketing will fight this ("buyers won't come back," etc.), but this is such a widespread problem that we have to collectively take that risk. If buyers feel safe they will spend more long-term; let's focus on that vs. some short-term concern over the "pay now" button not going out in an email.
Bottom line: PLEASE, NO LINKS IN EMAILS, PAYPAL AND EBAY!!!
2. JavaScript in listings is very useful in many instances. In fact we at ChannelAdvisor and many other CSPs use it to track traffic patterns, search patterns, counters, etc. Today Trust and Safety has some filters that look for certain JavaScript keywords that indicate the script will be malicious, but in the world of programming you can get really clever with this stuff and a "reactive filter" will never work.
Solution: let's switch to a "white list filter". Instead of trying to find out what the bad JavaScript looks like, let's create a list of "good guy JavaScript". Round up the CSPs (we're standing by) and we'll submit our JavaScript to you. Add this to a list of accepted JavaScript. Then only allow JavaScript that is a) from that CSP and b) matches the white list 100%. REJECT ALL OTHER JAVASCRIPT. Sure, some sellers use it to have dancing money, flying ponies, singing Uncle Sam, but let's face it, we can live without that stuff and suffer some short-term pain with sellers if we can 100% guarantee no more malicious JavaScript.
3. (bonus solution) The phishers are also somehow (maybe there's a database out there?) able to take a seller's or bidder/buyer's ID on eBay, match it to the buyer's/bidder's email, and leverage that information to very cleverly send out these outbid notices, pay-now notices and fake second-chance offers, and make them look like they come from the seller, etc. No third party should be able to inject themselves into the transaction, and hiding emails isn't working, so it's time to somehow obscure or mask eBay user IDs. Only the seller should see the ID of the winning bidder. In fact, maybe sellers shouldn't see the underbidders (let eBay handle SCOs), and the seller ID should be somehow obfuscated as well.
4. The eBay login screen should have a spider defeater (CAPTCHA thingy) on the login forms so that spiders can't fill them out.
5. Send all top sellers a free eBay-branded, USB-powered eBay password encryption system and turn off the site for these sellers. Something like this solution: http://www.roboform.com/pass2go.html
6. There are all kinds of low-cost new devices and technologies for security. This company has a biometric FOB. Many Citibank customers now get a special encryption device that downloads a unique number you enter into the web page to prove it's you.
Protect your top sellers!
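The white-list filter proposed in point 2, as an added Python sketch (example code, not from the original post or from ChannelAdvisor; the CSP registry, the script text and the hostnames are constructed). Each approved CSP script is fingerprinted once, and a listing is accepted only if every script block it carries matches one of those fingerprints exactly; the filter never tries to judge what an unknown script does.

```python
import hashlib
import re
from typing import Dict, List, Tuple

# Constructed registry (hypothetical CSP id and script text): each approved CSP
# submits the exact script bodies it puts in listings.
APPROVED_SCRIPTS: Dict[str, List[str]] = {
    "channeladvisor": [
        "var caHit = new Image(); caHit.src = '//counter.example/hit?item=' + itemId;",
    ],
}

SCRIPT_TAG = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.IGNORECASE | re.DOTALL)


def fingerprint(body: str) -> str:
    """SHA-256 of the whitespace-normalized script body.

    Normalizing whitespace lets a reflowed copy of an approved script still match;
    every other character must be identical, so this is an exact match, not a fuzzy one.
    """
    return hashlib.sha256(" ".join(body.split()).encode("utf-8")).hexdigest()


def build_whitelist(registry: Dict[str, List[str]]) -> Dict[str, str]:
    """Map fingerprint -> CSP id for every approved script."""
    return {fingerprint(s): csp for csp, scripts in registry.items() for s in scripts}


def vet_listing(html: str, whitelist: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Accept the listing only if every <script> block is an approved CSP script.

    Default-deny: anything not on the list, including external scripts pulled in
    with src=, is rejected without any attempt to judge what it does.
    Returns (accepted, findings) so a reviewer can see why a listing was refused.
    """
    findings: List[str] = []
    accepted = True
    for attrs, body in SCRIPT_TAG.findall(html):
        if re.search(r"\bsrc\s*=", attrs, re.IGNORECASE):
            findings.append("reject: external script (src=) is never on the whitelist")
            accepted = False
            continue
        fp = fingerprint(body)
        csp = whitelist.get(fp)
        if csp is None:
            findings.append(f"reject: script not on whitelist (sha256 {fp[:12]}...)")
            accepted = False
        else:
            findings.append(f"allow: matches approved {csp} script")
    return accepted, findings
```

A deployed filter would have to apply the same default-deny rule to every other place a listing can carry script, not only `<script>` blocks.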

How about protecting your customers of every size, eBay??
Also, can people stop referring to eBay's customers as eBay sellers. We are not eBay's sellers. eBay does not employ us; rather, it is quite the opposite. Maybe if everyone quit referring to themselves and other people who sell on eBay as eBay's sellers and instead referred to themselves and others as the reality of the relationship we have with eBay, their customers, maybe they would get back in touch with reality. Really, these lunatics actually believe we are employees selling their merchandise. It is pure insanity.
Posted by: Mechelle | November 16, 2008 at 10:18 AM
I want to purchase tomorrow
Posted by: nandkumar | November 03, 2008 at 11:48 PM
The fact that anybody can leave feedback on eBay that can ruin a seller is not the point. I have known sellers that have simply been delayed in sending multiple goods, but have then had an avalanche of negative feedback, with a domino effect of PayPal charges that have ruined their eBay seller's career before it began. My main gripe with eBay is the extortionate final value fee that is proportionate with whatever you sell your item for; this is way beyond the scope of interest, it is even way beyond charging rental space and having the contents removed three months later (which, let's face it, is what eBay is doing with your listing). The fact that eBay on top of this charges a final value fee puts it on a par with a MLM money-making scheme (last I heard this was illegal under eBay's terms and conditions; doesn't that also make eBay's business practice illegal). This is a HYIP pure and simple, full of crooks, cheats, and scam artists, which eBay needs to maintain its over-inflated dividends. I won't even talk about its own payment processor, PayPal, a scam artist's paradise, complete with chargebacks, where the seller is held solely responsible, regardless of whether the items were sent or not.
Posted by: John wilier | September 17, 2006 at 04:21 AM
Unfortunately my company doesn't do eBay/PayPal checkout on the eBay site; we are currently unable to do checkouts anywhere except through our own shopping cart. That means that we have to send auction winners an email with a clickable link that populates our shopping cart with their auction item and the correct price. So you encouraging people not to click on links in emails would actually hurt us.
Posted by: Lisa | August 22, 2006 at 09:41 AM
Amazing how technical some of the exploits are getting. The fact is that when things get this complicated it just becomes too much to ask from regular 'net users to avoid being duped. This is where eBay needs to come in and put some of your advice to good use.
Another great reason to use Roboform that I never thought of before. If your password is in there it simply won't be offered up as an option if you aren't really on that domain.
Posted by: Jonathan Smith Free Auction Help | August 21, 2006 at 02:44 AM