
Scripts in eBay Postings May Enable Phishing Attacks

US-CERT Cyber Security Alert SA06-117A --
Scripts in eBay Postings May Enable Phishing Attacks

Original release date: April 27, 2006

Systems Affected:

The eBay web site may contain pages that affect various web browsers.

Overview:

A vulnerability in the eBay web site may allow an attacker to steal personal information from eBay customers.

Solution:

Verify the legitimacy of eBay web pages

Attackers may use the vulnerability to perform a phishing attack.

Make sure that the URL is accurate, and check the web site certificate to make sure that you are visiting an authentic eBay web page.

Description:

eBay allows users to incorporate a type of code, also known as scripting, into the auction descriptions on its web site. An attacker can use this code to modify pages on eBay's web site or redirect you to a malicious web page. These may appear to be legitimate eBay web pages that request personal information. Using these techniques, an attacker may be able to collect your passwords, credit card numbers, or other personal information.

Please see US-CERT Vulnerability note VU#808921 for details and additional workarounds.

References:
US-CERT Vulnerability Note VU#808921

The most recent version of this document can be found at:
http://www.us-cert.gov/cas/alerts/SA06-117A.html


Overview
The eBay web site contains a cross-site scripting vulnerability.

I. Description
eBay is a popular auction web site. When an eBay user posts an auction, eBay allows SCRIPT tags to be included in the auction description. Because that seller-supplied script is then served from eBay's own domain to every viewer of the auction, this creates a cross-site scripting vulnerability in the eBay web site. More information about cross-site scripting is available in CERT Advisory CA-2000-02.
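The root cause described above (script and event handlers passing through in seller-supplied HTML) is normally fixed server-side by rebuilding the description from an allowlist rather than trying to strip known-bad patterns. The following is an added example, not eBay's or US-CERT's code, of such a sanitizer using only Python's standard library; the particular tag and attribute allowlist and the constructed sample description are assumptions.

```python
from html.parser import HTMLParser
from html import escape

# Assumed allowlist of tags/attributes a seller's description may keep; everything else is dropped.
ALLOWED_TAGS = {"b", "i", "u", "p", "br", "ul", "ol", "li", "a", "img", "font"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}, "font": {"color", "size"}}
SAFE_SCHEMES = ("http://", "https://")

class DescriptionSanitizer(HTMLParser):
    """Rebuilds user-supplied HTML from the allowlist. <script>/<style> bodies
    are discarded whole, not just their tags, so no code reaches the page."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0   # skip_depth > 0 while inside script/style

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            if value is None or name not in ALLOWED_ATTRS.get(tag, set()):
                continue   # drops every on* event handler and any unknown attribute
            if name in ("href", "src") and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue   # drops javascript:, data:, vbscript: and relative URLs
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS - {"br", "img"}:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))   # text is re-escaped on output

def sanitize_description(html_text: str) -> str:
    p = DescriptionSanitizer()
    p.feed(html_text)
    p.close()
    return "".join(p.out)

# Constructed sample: a benign listing with an injected script block, an event handler and a javascript: URL.
SAMPLE = ('<p>Nice <b>watch</b>, see <a href="https://example.com/x" onclick="go()">photos</a>.</p>'
          '<script>alert("injected")</script><img src="javascript:alert(1)" alt="pic">')

if __name__ == "__main__":
    print(sanitize_description(SAMPLE))
```

The allowlist approach also covers the attribute and URL forms of the same problem (on* handlers, javascript: links), which a SCRIPT-tag filter alone would miss.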

II. Impact

An attacker may be able to obtain sensitive data from the eBay web site. As of the publication of this document, attackers are using this vulnerability to redirect auction viewers to phishing sites and to modify the eBay auction page to steal credentials. A wide range of impacts may be possible, including disclosure of passwords, credit card numbers, or other personal information. Likewise, information stored in cookies could be stolen or corrupted. An attacker could also exploit web browser vulnerabilities that require scripting support.

III. Solution

US-CERT is currently unaware of a practical solution to this problem; however, the following workarounds may help mitigate the vulnerability:

Disable scripting

Disable scripting in your web browser, as specified in the Securing Your Web Browser document and the Malicious Web Scripts FAQ. This can also be accomplished by adding "ebay.com" to the Restricted Sites zone in Internet Explorer. Users of Mozilla-based browsers can use Configurable Security Policies (CAPS) to disable scripting for the "ebay.com" web site.

Validate web site addresses

When interacting with web sites, pay close attention to the web site address displayed by the browser. Especially when providing login information, make sure the web browser is displaying the proper URL, as described in the eBay Spoof Email Tutorial and US-CERT Cyber Security Tip ST04-014.

Validate web site certificates

Web sites may require sensitive information such as passwords or credit card information. In these cases, make sure the web site is using an encrypted (HTTPS) connection. Validate the web site certificate, as described in US-CERT Cyber Security Tip ST05-010.
