[Mimedefang] Re: Ebay Redirector (Fw: Account Verification)
Kevin A. McGrail
kmcgrail at pccc.com
Sun Feb 20 08:45:52 EST 2005
This is a follow-up to my initial discovery that eBay has its own
redirector and this redirector was now showing up in Phishing scams.
Despite my adamant, fervent & rabid inquiries, eBay has done nothing. With
the rise of the use of the redirector on eBay and this more obscure url now
being used, I believe even more phish-aware users would be caught:
http://cgi4-munged.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http%3A%2F%2F%32%30%33%2E%32%33%34%2E%32%35%2E%31%39%30%2FUpdateCenter%2FLogin%2F%3FMfcISAPISession%3DAAJbaQqzeHAAeMWZlHhlWXS2AlBXVShqAhQRfhgTDrferHCURstpAisNRqAhQfgfhgTDrferHCURstpAisNfgpAisNRqAhQRfhgTDrferHCUQRfqzeHAfdeMWZlHhlWXh
Anyone who knows anyone at eBay that understands security should email them
and tell them to turn this redirector OFF.
In the meantime, here's an SA Rule to help catch it which I would appreciate
feedback about:
# This rule is to mark emails using the exploit of the eBay redirector
uri KAM_EBAYREDIR /.*.ebay.com.*RedirectToDomain/i
describe KAM_EBAYREDIR Attempted use of eBay redirector - high probability of fraud
score KAM_EBAYREDIR 7.0
More posted at:
http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
Regards,
KAM
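
The check below is an added example, not part of the original post or of KAM.cf: it parses each URL instead of pattern-matching it, percent-decodes the DomainUrl parameter, and reports where the redirector would send the reader. The function names and the shortened sample URL are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the URL from the post with its session token shortened.
SAMPLE = ("http://cgi4-munged.ebay.com/ws/eBayISAPI.dll"
          "?MfcISAPICommand=RedirectToDomain&DomainUrl=http%3A%2F%2F"
          "%32%30%33%2E%32%33%34%2E%32%35%2E%31%39%30"
          "%2FUpdateCenter%2FLogin%2F%3FMfcISAPISession%3DCONSTRUCTED")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def under_ebay(host):
    """True only for ebay.com itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == "ebay.com" or host.endswith(".ebay.com")

def redirect_target(url):
    """Decoded DomainUrl if url is an eBay RedirectToDomain link, else None."""
    try:
        parts = urlsplit(url)
    except ValueError:              # malformed host, e.g. unbalanced brackets
        return None
    if not under_ebay(parts.hostname):
        return None
    # parse_qs percent-decodes values, so %32%30%33 becomes "203".
    query = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    commands = [c.lower() for c in query.get("mfcisapicommand", [])]
    if "redirecttodomain" not in commands:
        return None
    targets = query.get("domainurl")
    return targets[0] if targets else None

def classify(url):
    """Label a URL by where the redirector would send the reader."""
    target = redirect_target(url)
    if target is None:
        return "not-redirector"
    host = ""
    try:
        host = urlsplit(target).hostname or ""
        ipaddress.ip_address(host)
        return "off-site-ip"        # raw IP target, as in the post's sample
    except ValueError:              # not an IP literal, or unparsable target
        return "on-site" if under_ebay(host) else "off-site-host"

def scan(body):
    """Return (url, decoded target, verdict) for each redirector link in body."""
    return [(u, redirect_target(u), classify(u))
            for u in URL_RE.findall(body) if redirect_target(u) is not None]
```

Because the host is compared as a parsed name, a lookalike such as www.ebay.com.example.net is not treated as eBay, and a redirect that stays on ebay.com is labelled on-site rather than flagged.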