Interesting vector for browser vulnerability exploit…ebay



incidents.org has received a tip on an eBay item that contained some malicious script…

ISC reader Gareth Attrill pointed us to an eBay auction that has some escaped HTML code that sneaks in a link that tries to get a trojanized .jar (usage.jar) file loaded on anyone who loads the listing. The latest .dat for McAfee immediately detected (and deleted) the code as Exploit-ByteVerify. The lister most likely managed to bypass other protections that otherwise prevent this kind of code from being inserted into item listings. Both eBay and the ISP that is hosting the malware have been notified.


This is an interesting way to use a legit site to sneak something past casual users. Their warning is to verify any HTML input that you allow from visitors to your site.
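
One way to apply that advice, as an added example that is not from the original post, ISC or eBay: an allowlist sanitizer for visitor-supplied listing HTML that decodes character entities before checking tags and URLs, drops active-content elements such as `applet` together with their contents, and re-escapes all text on output. The tag policy, the function names and the sample listing are assumptions; the report does not say how the listing's code was escaped, so only entity encoding is covered here.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy (not eBay's): simple formatting plus http(s) links only.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
# Active-content containers: drop the element and everything inside it.
DROP_WITH_CONTENT = {"script", "style", "applet", "object", "iframe"}

def is_web_url(value):
    try:
        return urlsplit(value.strip()).scheme.lower() in ("http", "https")
    except ValueError:  # malformed URL: reject
        return False

class ListingSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)  # decode entities before checks
        self.out, self.removed, self.skip_depth = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.removed.append(tag)  # record for moderation or alerting
            if tag in DROP_WITH_CONTENT:
                self.skip_depth += 1
        elif not self.skip_depth:
            kept = "".join(
                f' {name}="{escape(value.strip())}"' for name, value in attrs
                if name in ALLOWED_ATTRS.get(tag, ()) and value and is_web_url(value))
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data))  # text is always re-escaped on output

def sanitize_listing(html_text):
    parser = ListingSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out), parser.removed
# Constructed sample listing; usage.jar is the file name from the report above.
SAMPLE = ('<p>Mint <b>condition</b></p><applet code="X.class" archive="usage.jar">'
          '</applet><a href="java&#115;cript:void(0)">info</a> &lt;script&gt;')
```

`sanitize_listing(SAMPLE)` returns the cleaned markup plus the list of removed tags, so a listing that tried to embed an applet can be flagged for review rather than silently cleaned.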
