AuctionBytes Blog
Covering auctions, collectibles and marketplace selling.

AuctionBytes Blog The AuctionBytes Blog has been giving a voice to online merchants since its launch in 2005. Named one of the world's top 30 blogs in 2008 by "Blogging Heroes." Weigh in with your thoughts on the joys and pitfalls of selling online.
Mon Jan 19 2015 22:37:41

Another eBay Redirect Attack Leaves Sellers Vulnerable

By: Ina Steiner

Sponsored Link

In September, we wrote about an eBay vulnerability known as a cross-site scripting (XSS) attack. The attack drew the attention of the BBC after a powerseller showed how hackers had placed malicious Javascript code within product listing pages that redirected visitors to a spoof site in order to collect user names and passwords.

Today, an eBay user sent us a link to an eBay product listing page that was infected with a malicious embed. The listing was brought to his attention when a supposed buyer emailed him asking him to relist the item, even though it was not his listing.

"Searching for this item on ebay will redirect you to an ebay lookalike site requesting your password," he said.

We searched eBay.com for the item number and clicked through to the listing. After a few seconds (enough time to grab a screenshot of the listing), our anti-virus software popped up showing that the page was trying to redirect us to a German website and warning that it was a phishing website.

The reader said the listing had been active all day, and that eBay had been contacted about it hours before, yet the infected listing remained live on the site.

If you receive an email asking you to relist an item and pointing to a listing that is not your own, beware!

Comments (26) | Leave Comment | Permalink
Readers Comments

Perminate Link for Another eBay Redirect Attack Leaves Sellers Vulnerable   Another eBay Redirect Attack Leaves Sellers Vulnerable

This user has validated their user name. by: Ric

Tue Jan 20 22:28:52 2015

John Donahoe's parting gift to eBay's "noisy" sellers...

"I asked to speak with a supervisor, the reply was that e bay no longer tolerates, seller complaints and that if I continued to ask I would receive a violation MC999 "noise complaint" and I could have restrictions placed upon my account"

Perminate Link for Another eBay Redirect Attack Leaves Sellers Vulnerable   Another eBay Redirect Attack Leaves Sellers Vulnerable

This user has validated their user name. by: permacrisis

Tue Jan 20 23:59:43 2015

You know what's sad? If these same Germans built an eBay 2003 lookalike site, they'd make billions.

I'd sure as hell give them MY business.

Perminate Link for Another eBay Redirect Attack Leaves Sellers Vulnerable   Another eBay Redirect Attack Leaves Sellers Vulnerable

This user has validated their user name. by: Rexford

Wed Jan 21 07:27:51 2015

""I asked to speak with a supervisor, the reply was that e bay no longer tolerates, seller complaints and that if I continued to ask I would receive a violation MC999 "noise complaint" and I could have restrictions placed upon my account"

You have GOT to be kidding me.  If this is true, that statement alone should tell anyone how messed up this company is. Reminds me of a war or work camp atmosphere.  YOU WILL RECEIVE 100 LASHES AND GO TO SOLITARY IF YOU GET OUT OF LINE.

Perminate Link for Another eBay Redirect Attack Leaves Sellers Vulnerable   Another eBay Redirect Attack Leaves Sellers Vulnerable

This user has validated their user name. by: Philip Cohen
Web Site

Wed Jan 21 17:28:09 2015

‘I asked to speak with a supervisor, the reply was that ebay no longer tolerates seller complaints and that if I continued to ask I would receive a violation MC999 "noise complaint" and I could have restrictions placed upon my account’

Does that not say it all; eBay’s Johnny Ho has disparagingly referred to the great many small sellers on eBay as simply “noise”. Well, Johnny Ho, how’s your marketplace going now, now that you have driven away so much of that “noise”?

The eBay executive suite—where the incompetent mingle with the disingenuous, the malevolent and the outright criminal, and the just plain stupid ... http://bit.ly/11F2eas

Perminate Link for Another eBay Redirect Attack Leaves Sellers Vulnerable   Another eBay Redirect Attack Leaves Sellers Vulnerable

by: Jester This user has validated their user name.

Thu Jan 22 00:39:09 2015

I am not clicking on a listing when the username has as a part of it 666.

Perminate Link for Another eBay Redirect Attack Leaves Sellers Vulnerable   Another eBay Redirect Attack Leaves Sellers Vulnerable

by: renaissancegirl This user has validated their user name.

Tue Jan 27 19:06:20 2015

So this is where that vicious virus came from! Yes, the same thing happened to me and it cost me plenty of money, time and aggravation to fix the embedded virus in my computer. Between this and the fees ebay overcharges, they are becoming or should I say have become totally worthless!  

Click to view more comments
1 2 


Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.