Earlier this evening Duane (my biz partner) noticed something strange about an eBay results page.

He went to this eBay results page for a 2006 Seadoo Sportster and clicked on the second link:

eBay Phishing Scam

The click on the listing was redirected through http://webskin.iscd.it/icons/wsmotors/kebay/redirect.html?varianta=8

and ended up at

http://cgisignin.ebay.com.selectarh.com.br/%20/ws1/ebaymotors/kebay/ViewItem.php?item=330132876757&price=6,999.00

which is a near-exact reproduction of the eBay auction page, but on a phishing domain. Of course if you try to buy the item you have just given up your eBay username and password and possibly your payment information. The low cost of the item is what caught Duane’s attention initially.
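The landing hostname above is built so that "ebay.com" appears inside it even though the registered domain is selectarh.com.br. The check below is an added example (not code from the original post) showing the difference between a naive substring test and a proper suffix test on the hostnames quoted in the post; the trusted-domain list and the legitimate sample URL are assumptions for illustration.

```python
"""Classify a landing URL as trusted, lookalike or untrusted by hostname.

Added example; the two phishing-chain URLs are the ones quoted in the post,
the trusted-domain set and the legitimate sample URL are constructed.
"""
from urllib.parse import urlparse

# Assumed allowlist of domains the defender treats as the real brand.
TRUSTED_DOMAINS = {"ebay.com"}


def hostname_matches(host: str, domain: str) -> bool:
    """True only if host is the domain itself or a genuine subdomain of it.

    'cgisignin.ebay.com.selectarh.com.br' fails this test because the
    string after 'ebay.com' is not a path but more hostname labels.
    """
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def naive_check(host: str, domain: str) -> bool:
    """The mistake to avoid: the brand string merely appears somewhere."""
    return domain in host.lower()


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' (brand name present, domain foreign)
    or 'untrusted' for the given URL."""
    host = urlparse(url).hostname or ""
    if any(hostname_matches(host, d) for d in TRUSTED_DOMAINS):
        return "trusted"
    if any(naive_check(host, d) for d in TRUSTED_DOMAINS):
        return "lookalike"
    return "untrusted"


# URLs quoted in the post: the redirect hop and the phishing landing page.
REDIRECT_HOP = "http://webskin.iscd.it/icons/wsmotors/kebay/redirect.html?varianta=8"
LANDING = ("http://cgisignin.ebay.com.selectarh.com.br/%20/ws1/ebaymotors/"
           "kebay/ViewItem.php?item=330132876757&price=6,999.00")
# Constructed legitimate-looking URL for comparison (not from the post).
GENUINE = "https://www.ebay.com/itm/example"

if __name__ == "__main__":
    for url in (REDIRECT_HOP, LANDING, GENUINE):
        print(f"{classify(url):10} {urlparse(url).hostname}")
```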

Even with meta redirects and JavaScript turned off, the eBay listing still jumps to the phishing domain. It looks like the redirect is done through Flash embedded in the listing page, so nobody notices it happening.

There seems to be a pretty serious Flash exploit out there; this could affect a lot more websites than eBay.