728_header.jpg (23748 bytes)
 Home   EB Blog   AB Blog   Letters   Podcasts   ABTV   Forums   EPIS   PR Service   Classifieds   Ecommerce EKG   Service Ratings   
  Subscribe    RSS Feeds    Twitter        Contact Us  Web Site  
Service Ratings 
   Auction Sites
   FP Marketplaces
   Inventory Management
   Payment Services
   Storefronts & Carts
   Sniping Services
   Wholesale/Dropshipping
   Email List Hosting
   Consignment Services
   Ecommerce EKG 
   Auction Calendar
   Collectors' Links
   eBay Promo History
   Bookshelf
   Fraud Resources
   Drop-Off Store Laws
   ABTV
   Ecommerce Resources
   Photo Tips
   Marketing Inserts
   Yellow Pages
   Advertising
EcommerceBytes-NewsFlash, Number 1170 - December 12, 2005 - ISSN 1539-5065     Previous | | Next
Mercury News Reports Security Vulnerability in eBay Listings
By Ina Steiner
EcommerceBytes.com
December 12, 2005


The San Jose Mercury News newspaper reported Saturday that scammers are using eBay listings to redirect people to hoax sites and install viruses on their computers (http://www.mercurynews.com/mld/mercurynews/business/technology/13376864.htm).

Reporter Michael Bazeley said when eBay users clicked on the listing titles, their Web browser was immediately redirected to the fraudulent log-in page and appeared to download a virus onto users' computers.

The technique apparently works using malicious JavaScript code in listings, something that eBay said it automatically scans for, but may have "sneaked past the screening process" in these cases.

It's similar to a problem reported by an AuctionBytes reader in November involving a member-to-member email. The seller logged in to her "My eBay" account to read a "Question from eBay Member" email. She said, "When I opened the message in My Messages in My eBay, it launched/triggered a script that created a phony eBay login page (like the kind you get when you have been idle too long). The font and layout was off just enough to make me look at the URL and see that it was a phish."

At the time, eBay spokesperson said that Member to Member emails, including Question from eBay Member, do not allow people to put either html or javascript into emails, but had not addressed the specific case (http://auctionbytes.com/cab/abu/y205/m11/abu0155/s06).

You may quote up to 50 words of any article on the condition that you attribute the article to EcommerceBytes.com and either link to the original article or to www.EcommerceBytes.com.
All other use is prohibited.

Email Newsletter icon, E-mail Newsletter icon, Email List icon, E-mail List icon Sign up for our Email Newsletters

Email this story to a friend.

Previous | | Next

 EcommerceBytes Blog 
 AuctionBytes Blog 
 Letters to the Editor 
Related Stories 
Related Stories
  • Mercury News Reports Security Vulnerability in eBay Listings - December 12, 2005, Issue #1170

    • Discussion Forums 
    Have a question about buying or selling online? Want to get marketing or technical advice? AuctionBytes Discussion Forums are the place to come to get answers to your questions and get advice! Great tips - a refreshing change!

    Current Discussions:
     
    About Us      Privacy Policy      Link to Us      Partners      Our Writers      Write for Us      Press        Site Index

    Copyright 1999-. Steiner Associates LLC. All rights reserved.