Heads up with malicious ebay HTML scripts on the site itself... just got a taste!


Syprik
10-19-2006, 04:45 PM
Was doing my nightly browse the other day. Started off by logging in to check some auctions being watched, then headed to the "Buy" section, clicked "Cycling." As the general listings in the cycling window presented themselves, I noticed two nudie thumbnails in the Gallery preview next to the auction listing. Being the tits and ass kinda guy I am, I was curious to see what was for sale and clicked the auction list. The Firefox browser did a brief shake, rattle and roll, and then I got a message that the auction had been taken down. Didn't think much about it at the time, so went ahead and browsed for some Cervelo/Time frames. Sure enough, within 24hrs my ebay account had been suspended due to 3 unauthorized listings and my password didn't work. Had to reset various account/email info and commit to a live chat with an ebay tech to get my account up and running.

This is the first time I've heard/seen of malicious html on ebay.com itself. I can spot the usual phishing attempts in email (delete those without opening), but this new attempt was pretty brazen to say the least.

Heads up.

SilasCL
10-19-2006, 04:52 PM
You've learned your lesson, no such thing as free T&A.

May want to X-post this on the podium girls forum; some guy linked to one of those posts and I'm sure a ton of people clicked on it.

Silas

omniviper
10-19-2006, 05:21 PM
F****, I just did that. Thanks for the warning. Will kill it.

514Climber
10-19-2006, 05:38 PM
Identity thieves are some of the most cunning people around. My line of work involves such scenarios and I can tell you that they are constantly evolving. Every time they get busted, they learn from it and figure out a way to come back with a new bag of tricks.

Silas is right - no one will offer anything for free unless they have an agenda.

The cliche still holds: if something is too good to be true, it probably is.

It also helps to avoid opening links or attachments unless you are absolutely sure they're safe. And no valid email will ever ask you for sensitive info. Also update your firewall as well as any other anti-spyware programs. Firefox is very good with their updates, so never ignore that.

If you want to cover all your bases, make sure your other internet activities (credit card, bank, utilities, etc) have NOT been compromised. Remember - these internet criminals do this for a living (and some of them turn quite a nice profit).

Syprik
10-19-2006, 07:49 PM
Just to re-affirm that clicking the ebay auction itself was what did the deed. The auction title was normal as it was advertising a Trek road bike if I recall. In the screenshot I've posted below, simply swap out the pic of that Trek on the left hand side with one of a girl showing her tits on a bike, and that's what I dealt with. I did not click any links within the thread because the auction and auction description were non-existent. Perhaps ebay thought they were just taking down a nude pic auction, but in reality the malicious code was built into the auction title after the standard click to view the auction description.

This is a rather serious issue, which the ebay tech expressed in chat. Nothing they've seen before. Advice like "no one will offer anything for free unless they have an agenda" really doesn't fit in here. This is a new scheme and could easily have gotten the most savvy security techs. You could click the auction title for that new Colnago C50 viewable as a thumbnail in the left hand gallery and boom, your ebay password has been phished. They're closing down ebay accounts like crazy because of this according to a computer component tech site I frequent.

Malicious HTML and unknown links "within" auction description is a whole different story...much more amateurish compared to this.

http://img201.imageshack.us/img201/9088/ebayviewao3.jpg

514Climber
10-19-2006, 08:07 PM
Just to re-affirm that viewing the ebay auction itself was what did the deed.

And I'm glad you highlighted this. You did the community a favor by describing a new method of internet fraud.

My comments were directed more to those who read this thread.

And like I stated, the cyber thieves are constantly evolving. Their intelligence is only matched by their lack of morals.

A co-worker made the comment that people commit crimes because they're not smart enough to make it the honest way. I find this rather naive. There are those who get off on breaking the rules. And some of these people are extremely savvy. This element genuinely believes that money won is twice as sweet as money earned - and they scoff at those who work normal honest jobs.

Syprik
10-19-2006, 08:18 PM
And I'm glad you highlighted this. You did the community a favor by describing a new method of internet fraud.

My comments were directed more to those who read this thread.

And like I stated, the cyber thieves are constantly evolving. Their intelligence is only matched by their lack of morals.

A co-worker made the comment that people commit crimes because they're not smart enough to make it the honest way. I find this rather naive. There are those who get off on breaking the rules. And some of these people are extremely savvy. This element genuinely believes that money won is twice as sweet as money earned - and they scoff at those who work normal honest jobs.

Very true. I've been to a DEFCON a few years back just to see what it was all about (engineer here) and some of those youngsters are the sharpest of today's top students. Many eventually grow up and work for computer tech/security companies, but there are always hordes that never leave the black for white/grey. A lot of these phishers are just teens that sell off account information to lifetime cons using transaction methods such as egold/webpay etc.

Econoline
10-20-2006, 05:58 PM
Interesting. There's a nudie link just as you described, and it's there right now. Tempting to see what would happen with the Camino browser on my Mac.

Update: Couldn't stop myself. I signed out of my eBay account, got back to the nudie auction and clicked it. Got the "auction closed" message just as you indicated. Let's see what happens next. Still don't understand how a password could be grabbed since it isn't stored anywhere.