The San Jose Mercury News newspaper reported Saturday that scammers are using eBay listings to redirect people to hoax sites and install viruses on their computers (http://www.mercurynews.com/mld/mercurynews/business/technology/13376864.htm).
Reporter Michael Bazeley said when eBay users clicked on the listing titles, their Web browser was immediately redirected to the fraudulent log-in page and appeared to download a virus onto users' computers.
The technique apparently works using malicious JavaScript code in listings, something that eBay said it automatically scans for, but may have "sneaked past the screening process" in these cases.
It's similar to a problem reported by an AuctionBytes reader in November involving a member-to-member email. The seller logged in to her "My eBay" account to read a "Question from eBay Member" email. She said, "When I opened the message in My Messages in My eBay, it launched/triggered a script that created a phony eBay login page (like the kind you get when you have been idle too long). The font and layout was off just enough to make me look at the URL and see that it was a phish."
At the time, eBay spokesperson said that Member to Member emails, including Question from eBay Member, do not allow people to put either html or javascript into emails, but had not addressed the specific case (http://auctionbytes.com/cab/abu/y205/m11/abu0155/s06).
