I am not sure if this is better served by incidents or bugtraq, but in
any event here it is. I frequently get the fake looking e-mails
phishing for my Paypal, eBay, and banking login/password information.
Generally the links to the spoofed webpages are just links to a fake
page with a modified A HREF tag. However, it appears someone has found
that eBay's actual page has a command to redirect to a specified
webpage. While this shouldn't be a big risk, it still poses a small one
and is being actively exploitated.
The page actually appears to link to eBay and it does, the link below is
the one I received in my inbox recently.
http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http%3A%2F%2F%32%31%31%2E%31%37%32%2E%39%36%2E%37%2FUpdateCenter%2FLogin%2F%3FMfcISAPISession%3DAAJbaQqzeHAAeMWZlHhlWXS2AlBXVShqAhQRfhgTDrferHCURstpAisNRqAhQRfhgTDrferHCURstpAisNRpAisNRqAhQRfhgTDrferHCUQRfqzeHAAeMWZlHhlWXh
Simply:
http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=www.website.com
Steven
steven@xxxxxxxxxxx