Interesting vector for browser vulnerability exploit…ebay



incidents.org has received a tip on an ebay item that contained some malicious script…

ISC reader Gareth Attrill pointed us to an eBay auction that has some escaped HTML code that sneaks in a link that tries to get a trojanized .jar (usage.jar) file loaded on anyone who loads the listing. The latest .dat for McAfee immediately detected (and deleted) the code as Exploit-ByteVerify. The lister most likely managed to bypass other protections that otherwise prevents this kind of code from being inserted into item listings. Both eBay and the ISP that is hosting the malware have been notified.


This is an interesting way to use a legit site to sneak something past the casual users. Their warning is to verify any html input that you allow from visitors to your site.

Related Posts

Blog Traffic Exchange Related Posts
  • Multi-OS virus? The multi-OS virus may be a proof of concept, but it could be a sign of bad things to come. Let's face it, there have been viruses that have taken advantage of multiple ways of spreading (email/open network shares/instant messengers...) It would almost make sense that even though it's POC..........
  • Update on Internet Explorer Exploit in the wild If you use Internet Explorer to browse the web, I'd suggest finding the instructions to disable active scripting, or drop it and use something else in light of the recent exploit floating around. It seems that in spite of Microsoft's infinite wisdom that "Microsoft has determined that an attacker who......
  • Time, value, ROI, Google and this site.... Googlebummed This is a fairly significant "state of this site" type post and well... if you're a usual visitor you might want to read/skim this one. It's been about 15 months or so since the last big redesign of this site and as some long time lurkers may know, the updates......
Blog Traffic Exchange Related Websites
  • Advertising on Facebook If you are not already making use of Facebook as a method of marketing your business or niche, then you are absolutely missing out on a great opportunity to reach out to hundreds of millions of active users. Today, Facebook has become one of the most popular online social networking......
  • Guide To EBay Local Pick Up Items Purchase And Delivery eBay is without doubt the most widely known website to look for second hand items However, while many items such as mobile phones, cameras, clothes can be shipped easily through courier companies or postal services,relatively heavy items such as furniture and cars cannot. Therefore, many eBay sellers select the......
  • Make Money On EBay - Easily I am a seller on eBay, and here are my top tips for making money on eBay easily. This is aimed at helping newcomers to make money on eBay, starting with some important basics. Firstly, when you register on eBay you need to choose a name (eBay ID). Give this......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site