Results tagged “EBay” from SpywareGuide Greynets Blog

I'm amazed by this - my good friend LoLo (who was writing about & shutting down Myspace scams when I was knee high to a grasshopper or something) has been sent a frankly ludicrous scaremail by EBay / Paypal, in relation to a screenshot of a phishing mail in a phish dissection post.

Seriously.

Dear ISPrime, Inc.,

We have just learned that your service is being used to violate PayPal trademarks and/or copyrights. Specifically, it appears that an ISPrime, Inc. user is hosting a page at 64.111.214.22 - http://www.ghettowebmaster.com/images/paypal-phishing-email.gif which uses our trademarks inappropriately.

While we believe that the above information gives your company more than a sufficient basis for disabling the page immediately, out of caution we note that your user's unauthorized reproduction of PayPal trademark and copyrighted materials violates federal law, and places an independent legal obligation on your company to remove the offending page(s) immediately upon receiving notice from PayPal an eBay, Inc. company, the owner of the copyrighted materials. Accordingly, the information below serves as PayPal's notice of infringement pursuant to the Digital Millennium Copyright Act, 17 U.S.C. Section 512 (c)(3)(A):

It gets better - or should that be worse:

Finally, please be advised that we have referred this issue to the Federal Bureau of Investigation for their investigation. The F.B.I. has requested that we convey to you in this message their request that you preserve for 90 days all records relating to this web site, including all associated accounts, computer logs, files, IP addresses, telephone numbers, subscriber and user records, communications, and all programs and files on storage media in regard to all Internet connection information, pursuant to 18 U.S.C. § 2703(f). While we do not act as an agent of the FBI in conveying this request, we do intend to fully cooperate with their investigation, and encourage you to do so as well.

eBay/PayPal Inc.
Audit and Investigations
securityalerts@ebay.com

Jaw dropping. Did the person who initiated this fiasco not bother to check the original post? Because if you're going to dissect a phishing mail while warning people about it, it tends to help if you put a screenshot or two up. However, rather than go after the phisher, they tried to swing the banhammer at the good guy. Generally, you'd think people who are doing your brand a favour by alerting the general public to scams regarding your website are NOT the people you should be aggravating, because good will and a general desire to help quickly evaporate when faced with stupidity such as this.

If you run a security blog and happen to get one of these wonderful missives sent to your ISP (or even better, through the post) then please, let us know. As for EBay / Paypal - taking ten seconds to digest the content of a blog post works wonders...

Magic EBay Money

This particular program we're about to look at is currently being promoted via videos on sites such as Youtube. The program is touted as an "electronic Paypal hacker" - supposedly, it reaches right into Paypal's systems and simply "creates digital money", depositing an amount of your choice into your Paypal account. There now follows some cod-technospeak as the creator attempts to define this supposedly "victimless" crime:

pp12.jpg

"All verified accounts are stored on a verified server. That's where all the cash gets sent. When people send cash, they send packets. When you have $10 or more, that means you have enough packets for the hack to execute. When people send the fake PP cash, I grab their packets and it adds to your account. It is completely legal, Paypal money is electronic so no harm done to ANYONE!"

....sigh. Well, there's no harm done except to anyone foolish enough to fall for such a scam. In time-honoured tradition, this is what the EXE looks like on your desktop:

pap1.jpg

Look, a moneybag! It has to work! Fire the program up, and...

pap2.jpg

Very slick looking. Hit the "I Agree" button, and you'll see this:

pap4.jpg

...you're presented with a rather fetching interface. In the spirit of making you think they're doing you a favour, you can find an MP3 player built in, links to popular networking sites along the bottom (along with a few hacking sites for good measure) and a big blank browser window.

How does this program work?

pap5.gif

Yes, amazingly that's all there is to it. Honest. Hit "Connect", and you'll see some random messages appear in the Status Display - just to make you feel more like you're really doing something hacker-ish:

pp10.jpg

pp8.jpg

With programs like this, who needs to watch The Matrix? Anyway, the previously empty browser window now fills up with the Paypal website:

pap6.jpg

Our wannabe hacker still hasn't actually hacked anything yet, but fear not - hit the "Add Cash" button (after selecting an amount of either 100 Dollars or Euros), and the following screen appears:

pap11.jpg

"Choose the amount you want, then login in this TPPH Login page to receive the money into your account. Attention: This will not work if you don't have a valid (verified) Paypal account containing $10".

Of course, anyone familiar with Paypal will know that this popup is not from the official Paypal website - it's something the creator of the application has put together. Let's see - they want you to "Submit" your Paypal login details somewhere....they want you to have a Verified account....and they request that you already have a minimum amount of cash in there when you submit the information.

Does that sound like you're going to get free Paypal money? Or does it sound more like you've just sent your Paypal login details to a complete stranger in an overly elaborate fashion?

We detect this as PPHack.

(Thanks to Senior Threat Researcher Chris Mannon for additional research).

While investigating an unrelated case of Phishing yesterday, we came across the biggest haul of stolen EBay logins we've ever seen.

How big?

Well, here's a screenshot of the "Word Count" from the document the details are stored in:

logins.gif

Each line is taken up by a single EBay Username, Password and EMail account.

Unfortunately, there are 5,534 of them and they're spread across 121 pages. Here's a random screenshot of page 113, with roughly 46 usernames per page:

page11.gif

Quite a lot of the accounts don't exist or are no longer registered users, but there are enough live accounts in there for this to be something of a worry (there also don't appear to be any duplicates, which is unusual for a collection this big). At first glance, it's hard to say exactly where the data has come from or how new / old some of it is (it's apparently been passed around various file download sites over the past week or two), though a massive "roll-up" of stolen accounts from various Phishers seems most likely.

Most of the live accounts we saw look like this:

ebay1.jpg

These would be newly registered users, or users with low feedback scores because they don't tend to use EBay that much. These are prime targets for Phishers, because they're more likely to be fooled by fake logins.

Another worry is that many new / inexperienced users on EBay use the same login details for Paypal, so there's the possibility of being able to access two sets of accounts from the same data. I should mention, it's not just new EBayers that can be caught out by these kinds of scams - there were quite a few high scoring EBayers in the stolen logins too.

A source tells me that hackers attempting to use these logins claim some have been "locked out" (presumably logging in on an account from an unfamiliar IP address is triggering EBay Security checks) though my source also tells me there are people bragging about there being "A lot of goodies" still in the list.

We've notified EBay, and had the data removed from the web where possible (a hat tip to Google for assisting in the removal of some cached data from their search engine). Hopefully EBay will act quickly on the information they've been provided and assist those unfortunate enough to have been Phished.
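The lockouts mentioned above are consistent with a check on logins from unfamiliar addresses. As an added example (not from the original post, and not EBay's actual logic), this sketch shows how a defender could flag accounts in authentication logs while a leaked list is being tried: a successful login from an IP never seen for that account, plus any success from an IP that is attempting many distinct accounts. The log format, threshold and sample lines are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log, assumed format: "timestamp user source_ip result"
SAMPLE_LOG = """\
2008-03-01T09:00:01 alice 198.51.100.7 OK
2008-03-02T09:03:10 alice 198.51.100.7 OK
2008-03-02T18:20:44 bob 192.0.2.15 OK
2008-03-05T02:11:00 alice 203.0.113.50 FAIL
2008-03-05T02:11:02 bob 203.0.113.50 OK
2008-03-05T02:11:05 carol 203.0.113.50 FAIL
2008-03-05T02:11:09 dave 203.0.113.50 OK
2008-03-05T08:30:00 bob 192.0.2.15 OK
"""

STUFFING_THRESHOLD = 3  # distinct accounts tried from one IP (assumed value)


def analyse(log_text, threshold=STUFFING_THRESHOLD):
    """Return (accounts to lock or challenge, IPs working through a list)."""
    known_ips = defaultdict(set)    # user -> IPs accepted as that user's baseline
    tried_by_ip = defaultdict(set)  # ip -> distinct users it attempted
    successes = []                  # (user, ip, unfamiliar_ip)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing at fields
        _ts, user, ip, result = parts
        tried_by_ip[ip].add(user)
        if result != "OK":
            continue
        # "Unfamiliar" only means something once the account has a baseline.
        unfamiliar = bool(known_ips[user]) and ip not in known_ips[user]
        successes.append((user, ip, unfamiliar))
        if not unfamiliar:
            known_ips[user].add(ip)
    # One source attempting many different accounts suggests a list being replayed.
    stuffing = {ip for ip, users in tried_by_ip.items() if len(users) >= threshold}
    # A success from such an IP is suspect even for accounts with no history
    # (dave in the sample), which the unfamiliar-IP check alone would miss.
    flagged = sorted({u for u, ip, unfamiliar in successes
                      if unfamiliar or ip in stuffing})
    return flagged, sorted(stuffing)


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

Raising the threshold so that no IP qualifies leaves only the unfamiliar-IP signal, which flags bob but not dave, whose first recorded login came from the suspect address.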