Thursday, 8 December 2005

eBay phishing saga; in summary...

(VRSN)(EBAY)
Last week I noted a problem reporting a phishing email to eBay. I'm pleased to report that the phishing website -- ebaychristmas.net -- is now down. However, I'm not pleased to report how long it took. The detail behind the delay is instructive...

From first report to takedown took 13 days (November 25 to December 7), which is simply unacceptable. However, despite the hilarious response from their "Trust and Safety Department," you should note that eBay wasn't the main factor in this delay. Indeed, the company claims that it first started takedown proceedings on November 8.

The main issue was that the phishing webserver was hosted on a botnet of virus-compromised PCs. The DNS entry for the web site served up a sequence of IP addresses, so that requests for the webpage could go to one of many machines. In other words, taking down "the website" wasn't an option.

Removing the DNS entry was the only practical takedown option. However, the DNS registrar for the domain -- Joker.com, a small company based in Switzerland -- was completely unresponsive to all requests to investigate. Finally, it seems Verisign -- the controller of the .net top-level domain stepped in and removed authority for ebaychristmas.net away from Joker.com. Now requests for the web site come back "no such host."

This sorry saga illustrates the fact that it's important for domain registrars to act quickly and responsibly when abuses such as phishing are brought to their attention. Authorities upstream of the registrar need to be able to exercise some sort of leverage if they don't act.


Tags: , , .

1 comment:

Anonymous said...

I was on eBay yesterday and several auctions they have up are loaded with trojans, when you click the link to go into the auction it loads up trojans on your pc and redirects you to a fake sign up page, all on eBay's servers. I called and wrote eBay about this problem, they responded there is nothing they can do and tried to redirect me to a different dept. You'd think they'd want to get on top of it right away. Below is there responce by email, I personally think eBay is getting to large for there own good,

Hello,

Thank you for taking the time to contact us with this information.

We are concerned about violations on our site and strive to thoroughly
investigate each report we receive. Unfortunately, we are only able to
accept reports of this nature through our Rules and Safety Web Form.

This form will help us classify and investigate the matter in a
timelier
fashion. Please be aware that in order to use this form, you must have
the specific item number of a questionable listing. We cannot accept
reports of eBay User Ids, search results, or URLs.

To resubmit your report, please choose the appropriate policy from the
following Listing Policies page:

http://pages.ebay.com/help/policies/listing-ov.html

For information on infringing or illegal items or for information on
other eBay listing guidelines, please view the following URL:

http://pages.ebay.com/help/sell/item_allowed.html

You may also want to review our current policies at the following URL:

http://pages.ebay.com/help/policies/listing-ov.html

These policies are reviewed and updated from time to time, so please be
sure to double check on terms or policies that you may not be familiar
with.

We appreciate your continued help in keeping eBay a safe and fair place
to trade. Thank you for being part of the eBay community!

Regards,

The eBay Community Watch Team
_____________________________________________

Whether you're new to eBay or an experienced buyer and seller, the eBay
Security & Resolution Center can help you protect yourself on eBay and
online. For more information, please click the "Security Center" link
at
the bottom of most eBay pages.
_____________________________________________

For our latest announcements, please check:

http://www2.ebay.com/aw/announce.shtml
_____________________________________________





Original Message Follows:
-------------------------

Form Message %11100% 110505
D_ID120720051336D_ID/W_ID48798755W_ID/S_ID000S_ID
Subject: IV=C35015 Post contains listing policy violations [#US &1132
?00 ]

User Feedback: 0
User State: ?00

Browser Info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
.NET CLR 1.1.4322; .NET CLR 2.0.50727)

Report a listing policy violation or prohibited (banned) item >
Inappropriate Want It Now post > Post contains listing policy
violations

Message: One of my pc's got ruined tonight on eBay, some of the
listings on ebay are handing out trojan's, the ones I seen and was
victim to are in the "Totally Bizzare" section,

http://cgi.ebay.com/My-virgin-pusy-only-10000-USD_W0QQitemZ5644408843QQcategoryZ1469QQrdZ1QQcmdZViewItem

http://cgi.ebay.com/F-k-m-1-day-for-only-1000_W0QQitemZ5644409990QQcategoryZ1469QQrdZ1QQcmdZViewItem

That is a couple links to these fruadulent auctions. These could cause
a
big problem for ebay.
Best Regards'


Can you believe the lack of action by eBay, I won't be useing them anymore after this. They simply don't care about customers anymore it seems.

I hope this info helps someone from getting there pc ruined to!

Post a Comment