Keep e-Phishing at Bay – K7 Security Blog

A thus far undisclosed, potentially serious security flaw has been discovered on eBay according to BBC News. Hackers were apparently successful in exploiting a weakness on eBay’s website that enabled them to multi-redirect customers, via a landing page listing iPhones, to phishing pages purporting to be those of eBay so as to steal their login credentials.

Unfortunately is it likely that several users would have been duped into surrendering their credentials, thus handing over control of their accounts to the bad guys. However, K7 users would have been protected since one of the redirector URLs was blocked by the malicious URL-blocking feature which has the overall effect of nullifying the multi-step redirector chain and protecting users.

From the user’s side it’s difficult to differentiate between legit redirection and non-legit redirection so this is best left to the site blockers in internet security products such as K7 Total Security.

In addition to that we also found directory listing and outdated plugins (such as JWplayer) on the destination website to which users were being redirected. Based on website fingerprinting, it seems websites hosting the phishing pages were almost certainly compromised by the attackers to hide their tracks.

The phishing pages have now been removed, but the domains are still live and we aren’t sure whether the core vulnerability which allowed the hackers in in the first place has been patched. In other words the webserver may be vulnerable to being hacked once more.

At the time of writing this blog we are unsure whether the cross-site scripting (XSS) flaw exists in other eBay item listings which may or may not be currently in the process of being maliciously exploited. Given the popularity of a site such as eBay, the impact of such an attack can be far reaching and varied; it is possible to leverage redirections to deliver malware via drive-by-download attacks.

The question which pops up is, “Was this just a phishing attack ??” It could have been much much more damaging.

Image courtesy of mashable.com.

Priyal Viroja, Vulnerability Researcher, K7TCL

Re-published by K7 Computing Ireland

 

Phone text – free calls offer?

Phone Text phishing scams are nothing new in the recent years, but they are just not so common, like e-mail scams are. You know those Millions winning offers, bank details request to transfer gadzillions of dolars from some princess in some country, and many others. Funny ones or sometimes even very convincing one.  Recently we have received screenshots from our colleges in Ireland for a phishing scam targeting O2 provider customers via text message.

Message is simple:

If you are not many of us – click at what ever shows up on the screen, than you will notice what’s wrong with the message: The link is not to O2 page, which is o2.co.uk or o2.ie but it’s to o2upgrades.org

ORG domain is purposely for organization with non-profit character. So deferentially not O2.

If you click at the link you are redirected to:

And here is exactly what we expected – phishing page where you enter your Mobile number and password. Therefore exposing your account details.

We have entered fictive details in to the form, and what happens next is that we are redirected after to legitimate O2 website login page:

And this is what most user are not aware of. For that split of second you have entered your login details on the page 2 and pressed submit, your records were written to someones database, and than you are passed to the legitimate O2 website. You think, hm… maybe I did enter it wrong. If yo did it right, you have just gave your details to some cyber criminal who can pass your details further, sell it on the black market or even use it himself. You are now on the legitimate O2 website login page, but no sign about the special offer. Why? Because it never existed. That was the whole phishing scam – phishing because  what it means – to lure you somewhere where you would enter your login details so they get recorded for someone, somewhere for some purpose.

Be aware: if something looks as a very good offer, and it’s sent straight to you, stop, and think. In most cases it’s a scam. And if you are not sure, why not to ring the sender to make sure that the message is legitimate?

And in case you fell for the scam, just change your login details immediately.

-sg-

Prepared by K7 Computing UK and K7 Computing Ireland.