Interesting vector for browser vulnerability exploit…ebay



incidents.org has received a tip on an eBay item that contained some malicious script…

ISC reader Gareth Attrill pointed us to an eBay auction that has some escaped HTML code that sneaks in a link that tries to get a trojanized .jar (usage.jar) file loaded on anyone who loads the listing. The latest .dat for McAfee immediately detected (and deleted) the code as Exploit-ByteVerify. The lister most likely managed to bypass other protections that otherwise prevent this kind of code from being inserted into item listings. Both eBay and the ISP that is hosting the malware have been notified.


This is an interesting way to use a legit site to sneak something past the casual users. Their warning is to verify any HTML input that you allow from visitors to your site.
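One way to act on that warning, as an added example that is not code from ISC, eBay or the original post: decode the submitted markup until it stops changing, then check every tag, attribute and URL scheme against an allowlist, so escaped markup is judged in the form a browser would eventually see. The allowlist, the function names and the two escaping forms handled (HTML entities and percent-encoding) are assumptions; the post does not say which escaping the listing used.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Assumed policy for listing markup; not eBay's actual rules.
ALLOWED_TAGS = {"p", "br", "b", "i", "ul", "ol", "li", "a", "img"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}}

def normalize(text, max_rounds=5):
    """Undo entity and percent escaping until the text stops changing."""
    for _ in range(max_rounds):
        decoded = unquote(html.unescape(text))
        if decoded == text:
            return text
        text = decoded
    raise ValueError("still encoded after %d decoding rounds" % max_rounds)

class PolicyChecker(HTMLParser):
    def __init__(self):
        super().__init__()
        self.violations = []
    def handle_starttag(self, tag, attrs):
        # Also called for self-closing tags such as <br/>.
        if tag not in ALLOWED_TAGS:
            self.violations.append("tag <%s> not allowed" % tag)
            return
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                self.violations.append("attribute %s on <%s> not allowed" % (name, tag))
            elif name in ("href", "src"):
                scheme = urlsplit((value or "").strip()).scheme.lower()
                if scheme not in ("http", "https"):
                    self.violations.append("URL scheme %r not allowed" % scheme)

def validate_listing(markup):
    """Return policy violations; an empty list means the listing is accepted."""
    checker = PolicyChecker()
    try:
        checker.feed(normalize(markup))
        checker.close()
    except ValueError as exc:
        return [str(exc)]
    return checker.violations

# Constructed sample inputs (not the markup from the actual auction).
CLEAN = '<p>Vintage camera, <b>works</b>. <a href="https://example.com/photos">Photos</a></p>'
ESCAPED = "&lt;applet archive=&quot;usage.jar&quot; code=&quot;X.class&quot;&gt;&lt;/applet&gt;"
DOUBLE = "%253Capplet archive=usage.jar%253E"

if __name__ == "__main__":
    print([validate_listing(s) or "accepted" for s in (CLEAN, ESCAPED, DOUBLE)])
```

The check is deliberately conservative: a listing that only displays an escaped tag as literal text is rejected too, which is the safer failure for a site that renders visitor-supplied HTML.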
