eBay Phishing scams, eh?
This is a clever one.
The eBay site is redirecting requests to external domains. An attacker can build a querystring that will cause a valid ebay.com domain to redirect to an attacker’s page:
http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http://www.attackers-domain.com/malware/
All they need do is obfuscate the URL to hide what is really happening, like so:
http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=%68%74%74%70%3A%2F%2F%68%6F%6D%65%2E%64%75%72%64%6C%65%2E%63%6F%6D%2F%76%61%72%73%2E%61%73%70
That’ll point to http://home.durdle.com. …
Can't Even Trust Ebay's Servers Anymore
By Howard | Published February 23rd, 2005No need to go out…
By Howard | Published February 14th, 2005No need to go out, as there’s been a lot to enjoy on TV over the last few months, the majority of it imported from America.
I read an article a while ago (in the Times, I think) that pointed out that the UK and the US are going through a change of competency when it…
Recent Comments