Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

ACK!!! What virus is this?!? Ebay wants an ATM PIN?!?
Ebay Motors ^ | Saturday, March 6, 2010

Posted on 03/06/2010 1:02:42 PM PST by Special Agent Anthony DiNozzo

I am trying to log into my ebay account, and I am being asked for all sorts of personal information, to include an ATM PIN.
 
I am going to the correct URL [the browser shows it as living at "ebay.com"], so this isn't "phishing".
 
Ergo one of the following must be true:

1) Either Ebay has been hacked, or
 
2) I have a very sophisticated virus on my machine which is capable of altering my TCP/IP stack and redirecting my DNS lookups.


TOPICS: Crime/Corruption; Miscellaneous; News/Current Events; Technical
KEYWORDS: chat; vanity
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 121-134 next last
To: webschooner
Also, I notice there is an “s” after http in the url. That isn’t normal is it?

Yes it is, for a secure site.

41 posted on 03/06/2010 1:14:54 PM PST by El Gato ("The second amendment is the reset button of the US constitution"-Doug McKay)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Smogger

Look at the source code for the page you linked - it sends the browser to ‘www.ebay.com’ with a redirect.

Which is going to make IE look it up again.... and go back to the fake site because of the hijacked DNS.


42 posted on 03/06/2010 1:15:01 PM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 36 | View Replies]

To: Special Agent Anthony DiNozzo

Note phrasing and spelling.

Authorised

Please enter as more informaation as possible

Fraud or fake imo.


43 posted on 03/06/2010 1:15:20 PM PST by deport
[ Post Reply | Private Reply | To 1 | View Replies]

To: Special Agent Anthony DiNozzo
Good grief, if it's in my TCP/IP stack, then I'm going to have to re-install the entire operating system.
 
That can take literally days - maybe even a week - to accomplish.
 
Ugh.
44 posted on 03/06/2010 1:15:22 PM PST by Special Agent Anthony DiNozzo (SCORE!!! And in Paris, no less. MOO HA HA HA HA HA HA!!!!!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Special Agent Anthony DiNozzo

...

So, do you want advice on how to fix this, or are you going to keep ignoring me? :P


45 posted on 03/06/2010 1:16:02 PM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 44 | View Replies]

To: Special Agent Anthony DiNozzo

Report it immediately:

http://pages.ebay.com/securitycenter/researchers.html


46 posted on 03/06/2010 1:17:00 PM PST by thecodont
[ Post Reply | Private Reply | To 1 | View Replies]

To: Special Agent Anthony DiNozzo

Read the page carefully. It has the smell of English as a second language about it. No way this is eBay.


47 posted on 03/06/2010 1:18:23 PM PST by Paine in the Neck (Ense petit placidam sub libertate quietem)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Special Agent Anthony DiNozzo

Current ebay pages have copyright notice date 2010 not 2008


48 posted on 03/06/2010 1:18:34 PM PST by steveo (2010 never again)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Special Agent Anthony DiNozzo

I once had what appeared to be an email from my bank, but when I looked closer at the IP address, it didn’t seem right. Turned out the email originated in Zimbabwe.


49 posted on 03/06/2010 1:19:10 PM PST by fatnotlazy
[ Post Reply | Private Reply | To 1 | View Replies]

To: Special Agent Anthony DiNozzo

Copy URL and send it to phish@ebay.com


50 posted on 03/06/2010 1:19:44 PM PST by Bringbackthedraft
[ Post Reply | Private Reply | To 1 | View Replies]

To: webschooner

That is pretty weird. The “s” after http is for “secure” which is normal once two computers have exchanged certificate information, meaning the session is encrypted. Below is part of the URL I get when I prepare to login to eBay.

https://signin.ebay.com/ws/eBayISAPI.dll?

Looks to me like somebody has hijacked the eBay domain in a server somewhere. I’m no expert in this area by any means but somebody is spoofing the eBay login page. Works from my connection.


51 posted on 03/06/2010 1:20:19 PM PST by West Texas Chuck (US out of the UN - UN out of the US)
[ Post Reply | Private Reply | To 11 | View Replies]

To: West Texas Chuck

The hijack isn’t in a server, it’s on his own machine.


52 posted on 03/06/2010 1:21:15 PM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 51 | View Replies]

To: Special Agent Anthony DiNozzo
Non-authoritative answer:
 
Name: signin.ebay.com
 
Addresses: 66.135.205.10, 66.211.181.81, 66.211.181.96, 66.135.202.42, 66.135.202.59, 66.135.202.140

53 posted on 03/06/2010 1:21:15 PM PST by Special Agent Anthony DiNozzo (SCORE!!! And in Paris, no less. MOO HA HA HA HA HA HA!!!!!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Special Agent Anthony DiNozzo

No, you’ve got a browser hack. Just use hijackthis. http://free.antivirus.com/hijackthis/


54 posted on 03/06/2010 1:22:13 PM PST by BenKenobi (And into this Ring he poured his cruelty, his malice and his will to dominate all life.)
[ Post Reply | Private Reply | To 44 | View Replies]

To: Special Agent Anthony DiNozzo

It won’t show up that way unless you have one of the older and clumsier virii. Isn’t Windows/IE fun? :P


55 posted on 03/06/2010 1:23:10 PM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 53 | View Replies]

To: Spktyr

Thanx. I guess by the time I posted my bit another 50 people had pointed out the same thing.

Slow connection blues.


56 posted on 03/06/2010 1:23:34 PM PST by West Texas Chuck (US out of the UN - UN out of the US)
[ Post Reply | Private Reply | To 52 | View Replies]

To: Spktyr

Good point, and the first sentence is a dead giveaway as the sentence structure is not what anyone on these shores would use to explain the new security system. In fact the whole upper explanation which I didn’t read until I saw your post, reads screwy. The word Fraudsters is unlikely to be used in professional correspondence.

The dead giveaway is the next sentence, “Please enter as more information as possible to provide your complete identification”... Written by someone who does not have a command of the English language, except from a foreign perspective.


57 posted on 03/06/2010 1:24:22 PM PST by wita
[ Post Reply | Private Reply | To 18 | View Replies]

To: BenKenobi

That’s possible, too. Usually, though, they don’t just settle for browser ‘jacks these days.

I would suggest getting Malwarebytes (free) from Download.com, rebooting into safe mode (with networking) and then installing/updating/running MB.

HJT is nice for diagnosis but it doesn’t actually remove anything.


58 posted on 03/06/2010 1:25:10 PM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 54 | View Replies]

To: Special Agent Anthony DiNozzo

DiNozzo, does somebody get to smack you on the back of the head now ;)


59 posted on 03/06/2010 1:27:41 PM PST by West Texas Chuck (US out of the UN - UN out of the US)
[ Post Reply | Private Reply | To 28 | View Replies]

To: Special Agent Anthony DiNozzo
This is the real sign on e-bay -- what you have on the right side of the page is phony.

Check with and listen to the couple of people who offered to help you fix this.

60 posted on 03/06/2010 1:28:11 PM PST by SmartInsight
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-80 ... 121-134 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson