«
»

Interesting vector for browser vulnerability exploit…ebay



incidents.org has received a tip on an ebay item that contained some malicious script…

ISC reader Gareth Attrill pointed us to an eBay auction that has some escaped HTML code that sneaks in a link that tries to get a trojanized .jar (usage.jar) file loaded on anyone who loads the listing. The latest .dat for McAfee immediately detected (and deleted) the code as Exploit-ByteVerify. The lister most likely managed to bypass other protections that otherwise prevents this kind of code from being inserted into item listings. Both eBay and the ISP that is hosting the malware have been notified.


This is an interesting way to use a legit site to sneak something past the casual users. Their warning is to verify any html input that you allow from visitors to your site.

Popularity: 1% [?]

PDF    Send article as PDF   
Blog Traffic Exchange Related Posts
  • Facebook Fan Check Application Virus Just as last week, the facebook fan check application virus rumor is making the rounds again. And also just as last week people searching for information on the facebook fan check virus are running into some of the top search results hosting malware. There were several attack sites up last......
  • Multi-OS virus? The multi-OS virus may be a proof of concept, but it could be a sign of bad things to come. Let's face it, there have been viruses that have taken advantage of multiple ways of spreading (email/open network shares/instant messengers...) It would almost make sense that even though it's POC..........
  • Big Go-Daddy hosting attack In what feels like a continuation of recent bad news related to major hacks and data losses.....George Ou reports on a BIG hack of GoDaddy hosting customers. There was also a big hack-athon by Turkish hackers over the last week that will be recorded as the biggest mass-web-site-defacement on record.........
Blog Traffic Exchange Related Websites
  • Make Money On EBay - Easily I am a seller on eBay, and here are my top tips for making money on eBay easily. This is aimed at helping newcomers to make money on eBay, starting with some important basics. Firstly, when you register on eBay you need to choose a name (eBay ID). Give this......
  • Stormpulse Earning Thousands on Tips Alone The other day I came across a really nice hurricane tracking site called Stormpulse. I used it to track Hurricane Hanna as she skimmed past the coast of Florida, and have been using it to keep an eye on Ike as well. Today I was checking Ike's progress through the......
  • Is It Better When You "Win" It? Ebay has been running an interesting campaign over the last couple of weeks. You may have seen a series of "Shop Victoriously" commercials. These show people in competition for some kind of trinket or collector's item, such as a classic lunch box or an urn. By the end of the......

Similar Posts


This entry was posted on Wednesday, December 7th, 2005 at 2:31 pm and is filed under Computers, Security, Viruses. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.

See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.

Switch to our mobile site