Earlier this evening Duane (my biz partner) noticed something strange about an eBay results page.
He went to this eBay results page for a 2006 Seadoo Sportster and clicked on the second link:
The click on the listing was redirected through http://webskin.iscd.it/icons/wsmotors/kebay/redirect.html?varianta=8
and ended up at
http://cgisignin.ebay.com.selectarh.com.br/%20/ws1/ebaymotors/kebay/ViewItem.php?item=330132876757&price=6,999.00
which is a near-exact reproduction of the eBay auction page, but on a phishing domain. Of course, if you try to buy the item, you have just given up your eBay username and password and possibly your payment information. The low cost of the item is what caught Duane’s attention initially.
Even with meta redirects and JavaScript turned off, the eBay listing still jumps to the phishing domain. It looks like the exploit is done through Flash embedded in the listing page, without anyone even noticing the redirect.
There seems to be a pretty serious Flash exploit out there – this could affect a lot more websites than eBay.
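The phishing host above carries `ebay.com` as its left-hand labels, while the domain that actually serves the page is `selectarh.com.br`. As an added example (not part of the original post), this Python check classifies each hop of the redirect chain by its right-most host labels; the `TRUSTED` list, the function names and the first hop are assumptions, and the userinfo check goes beyond the case in the post.

```python
from urllib.parse import urlsplit

# Assumption: the domains whose sign-in pages are genuine for this check.
TRUSTED = ("ebay.com",)

def _windows(labels, want, include_tail):
    """True if `want` occurs as a contiguous run of labels."""
    n = len(want)
    last = len(labels) - n + (1 if include_tail else 0)
    return any(labels[i:i + n] == want for i in range(max(last, 0)))

def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'other' for the host of `url`."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")      # hostname is lowercased
    labels = host.split(".") if host else []
    user = (parts.username or "").lower().split(".")
    wants = [d.lower().split(".") for d in trusted]
    # Genuine only when the trusted domain is the right-most labels.
    if any(labels[-len(w):] == w for w in wants):
        return "trusted"
    # Brand labels buried to the left of the real domain, or in userinfo.
    if any(_windows(labels, w, False) or _windows(user, w, True) for w in wants):
        return "lookalike"
    return "other"

def first_untrusted_hop(chain, trusted=TRUSTED):
    """Return (index, url, verdict) of the first hop that leaves `trusted`."""
    for i, url in enumerate(chain):
        verdict = classify(url, trusted)
        if verdict != "trusted":
            return i, url, verdict
    return None

# Hop 0 is a constructed placeholder; hops 1 and 2 are the URLs quoted above.
CHAIN = [
    "http://www.ebay.com/constructed-listing-placeholder",
    "http://webskin.iscd.it/icons/wsmotors/kebay/redirect.html?varianta=8",
    "http://cgisignin.ebay.com.selectarh.com.br/%20/ws1/ebaymotors/"
    "kebay/ViewItem.php?item=330132876757&price=6,999.00",
]

if __name__ == "__main__":
    for url in CHAIN:
        print(classify(url), url)
    print(first_untrusted_hop(CHAIN))
```

Comparing whole labels rather than substrings is what keeps a host such as `notebay.com` from matching, and the same function can be run over proxy or mail-gateway logs to flag hosts that embed a trusted domain.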


{ 1 comment… read it below or add one }
I have seen this scheme before myself, and the reproduction is so realistic that you really do believe eBay is asking you to enter your login information again. I guess the rule here is always look at the URL in the browser before you enter any important information.