Earlier this evening Duane (my biz partner) noticed something strange about an eBay results page.
He went to this Ebay Results Page for a 2006 Seadoo Sportster and clicked on the second link:
The click on the listing was redirected through http://webskin.iscd.it/icons/wsmotors/kebay/redirect.html?varianta=8
and ended up at
which is a near-exact reproduction of the eBay auction page, but on a phishing domain. Of course if you try to buy the item you have just given up your eBay username and password and possibly your payment information. The low cost of the item is what caught Duane’s attention initially.
There seems to be a pretty serious flash exploit out there – this could affect a lot more websites than eBay.