[Mimedefang] Re: Ebay Redirecotr (Fw: Account Verification)

Kevin A. McGrail kmcgrail at pccc.com
Sun Feb 20 08:45:52 EST 2005

This is a follow-up to my initial discovery that eBay has it's own
redirector and this redirector was now showing up in Phishing scams.

Despite my adamant, fervent & rabid inquiries, eBay has done nothing.  With
the rise of the use of the redirector on eBay and this more obscure url now
being used, I believe even more phish-aware users would be caught:


Anyone who knows anyone at eBay that understands security should email them
and tell them to turn this redirector OFF.

In the meantime, here's an SA Rule to help catch it which I would appreciate
feedback about:

# This rule is to mark emails using the exploit of the eBay redirector
uri             KAM_EBAYREDIR    /.*.ebay.com.*RedirectToDomain/i
describe        KAM_EBAYREDIR    Attempted use of eBay redirector - high
probability of fraud
score           KAM_EBAYREDIR    7.0

More posted at:


More information about the MIMEDefang mailing list