This is a follow-up to my initial discovery that eBay has its own redirector and this redirector was now showing up in Phishing scams.
Despite my adamant, fervent & rabid inquiries, eBay has done nothing. With the rise of the use of the redirector on eBay and this more obscure URL now being used, I believe even more phish-aware users would be caught:
http://cgi4-munged.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomai...
Anyone who knows anyone at eBay that understands security should email them and tell them to turn this redirector OFF.
In the meantime, here's an SA Rule to help catch it which I would appreciate feedback about:
    # This rule is to mark emails using the exploit of the eBay redirector
    uri KAM_EBAYREDIR /.*.ebay.com.*RedirectToDomain/i
    describe KAM_EBAYREDIR Attempted use of eBay redirector - high probability of fraud
    score KAM_EBAYREDIR 7.0
More posted at: http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
Regards, KAM
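Feedback of the kind requested for KAM_EBAYREDIR, as an added example that is not part of the original thread or of KAM.cf: it runs the posted pattern over constructed URIs and compares it with a host-anchored check, showing that the unescaped dots and the leading `.*` let the rule fire on non-eBay URIs that merely mention the strings. `host_anchored_match` is a hypothetical stricter variant, the sample URIs are constructed, and Python's `re` stands in for the Perl regex engine.

```python
import re
from urllib.parse import urlsplit

# Pattern exactly as posted in the KAM_EBAYREDIR uri rule (dots unescaped).
POSTED = re.compile(r".*.ebay.com.*RedirectToDomain", re.I)


def posted_match(uri):
    # SpamAssassin uri rules are unanchored, so search() mirrors them.
    return POSTED.search(uri) is not None


def host_anchored_match(uri):
    """Hypothetical stricter check (not from the thread): the host must be
    ebay.com or a subdomain, and the query must name RedirectToDomain."""
    parts = urlsplit(uri)
    host = (parts.hostname or "").lower()
    on_ebay = host == "ebay.com" or host.endswith(".ebay.com")
    return on_ebay and re.search(r"RedirectToDomain", parts.query, re.I) is not None


# Constructed sample URIs; hosts and parameters are illustrative only.
SAMPLES = [
    # Redirector-style URI on an eBay host: both checks should fire.
    "http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&placeholder=1",
    # Ordinary eBay link without the redirect command: neither fires.
    "http://www.ebay.com/help/index.html",
    # Non-eBay URI that only mentions both strings: posted pattern fires.
    "http://forum.example/thread?title=www.ebay.com+RedirectToDomain+question",
    # "freebay-comics" satisfies ".ebay.com" because "." matches any character.
    "http://news.example/freebay-comics/RedirectToDomain-explained",
]


def compare(uris=SAMPLES):
    """Return (uri, posted_result, host_anchored_result) for each URI."""
    return [(u, posted_match(u), host_anchored_match(u)) for u in uris]


if __name__ == "__main__":
    for uri, posted, strict in compare():
        print(f"posted={posted!s:5} strict={strict!s:5} {uri}")
```

With a score of 7.0, the last two samples would be tagged on this rule alone, which is the case to test against a ham corpus before deploying it.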
On Sunday, February 20, 2005, 5:44:35 AM, Kevin McGrail wrote:
This is a follow-up to my initial discovery that eBay has its own redirector and this redirector was now showing up in Phishing scams.
Despite my adamant, fervent & rabid inquiries, eBay has done nothing. With the rise of the use of the redirector on eBay and this more obscure URL now being used, I believe even more phish-aware users would be caught:
http://cgi4-munged.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomai...
Anyone who knows anyone at eBay that understands security should email them and tell them to turn this redirector OFF.
In the meantime, here's an SA Rule to help catch it which I would appreciate feedback about:
    # This rule is to mark emails using the exploit of the eBay redirector
    uri KAM_EBAYREDIR /.*.ebay.com.*RedirectToDomain/i
    describe KAM_EBAYREDIR Attempted use of eBay redirector - high probability of fraud
    score KAM_EBAYREDIR 7.0
More posted at: http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
Thanks Kevin, I'm asking around if anyone has contacts at eBay.
Jeff C. -- "If it appears in hams, then don't list it."
On Sunday, February 20, 2005, 7:05:52 AM, Jeff Chan wrote:
On Sunday, February 20, 2005, 5:44:35 AM, Kevin McGrail wrote:
This is a follow-up to my initial discovery that eBay has its own redirector and this redirector was now showing up in Phishing scams.
Despite my adamant, fervent & rabid inquiries, eBay has done nothing. With the rise of the use of the redirector on eBay and this more obscure URL now being used, I believe even more phish-aware users would be caught:
http://cgi4-munged.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomai...
[...]
More posted at: http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
Thanks Kevin, I'm asking around if anyone has contacts at eBay.
I've heard back from some folks at eBay that they're now working on this issue.
Jeff C. -- "If it appears in hams, then don't list it."