You may want to be careful about following links like this. I have read that part of the problem is, even if you load bogus information or no information at all, these sites will drop keyloggers, Trojans, etc. on your machine. Just their way of saying 'Thanks for dropping by'.... :( Thomas T. Evans, III CCNA Senior Network Manager Hawk Corporation ttevans@xxxxxxxxxxxx 216-267-7787 Ext. 500 Cell: 440-669-2526 Fax: 917-464-7241 President, MFG/Pro Midwest User Group "The difference between genius and stupidity is genius has limits" -- Albert Einstein -----Original Message----- From: Jonathan Rockway [mailto:jrockw2@xxxxxxx] Sent: Monday, February 14, 2005 7:25 PM To: bugtraq@xxxxxxxxxxxxxxxxx; Josh Tolley Subject: Re: eBay Account Phishing with eBay Redirect I just tried this out and it worked for me. I got a page asking for a login name and made up a login name and password. After ``logging in'', I got a page asking for my address, phone, CCN, bank information, etc. (They ask for everything! ATM PIN, SSN, DOB, etc... who would actually provide this to the real eBay!?) After I submitted my fake data, it redirected me to the real eBay login. Regards, Jonathan Rockway On 14 Feb 2005, at 1:08 PM, Josh Tolley wrote: > I just tried this with my own URL, and eBay didn't forward me to some > other site. Perhaps they've plugged this already? > > Josh Tolley > Raintree Systems, Inc. > http://www.raintreeinc.com > 760 509 9000 > > Steven wrote: >> I am not sure if this is better served by incidents or bugtraq, but >> in any event here it is. I frequently get the fake looking e-mails >> phishing for my Paypal, eBay, and banking login/password information. >> Generally the links to the spoofed webpages are just links to a fake >> page with a modified A HREF tag. However, it appears someone has >> found that eBay's actual page has a command to redirect to a >> specified webpage. While this shouldn't be a big risk, it still >> poses a small one and is being actively exploitated. >> The page actually appears to link to eBay and it does, the link below >> is the one I received in my inbox recently. >> http://cgi4.ebay.com/ws/eBayISAPI.dll? >> MfcISAPICommand=RedirectToDomain&DomainUrl=http%3A%2F%2F%32%31%31%2E%3 >> 1%37%32%2E%39%36%2E%37%2FUpdateCenter%2FLogin%2F%3FMfcISAPISession%3DA >> AJbaQqzeHAAeMWZlHhlWXS2AlBXVShqAhQRfhgTDrferHCURstpAisNRqAhQRfhgTDrfer >> HCURstpAisNRpAisNRqAhQRfhgTDrferHCUQRfqzeHAAeMWZlHhlWXh Simply: >> http://cgi4.ebay.com/ws/eBayISAPI.dll? >> MfcISAPICommand=RedirectToDomain&DomainUrl=www.website.com Steven >> steven@xxxxxxxxxxx >> -- Jonathan Rockway <jrockw2@xxxxxxx> http://www.uic.edu/~jrockw2/
