1). eBay - PSS.Phishing.ebay.com-1 (Awaiting official AV Signature).
This email targets customers of eBay.
Message Details
| Malware Name: | PSS.Phishing.ebay.com-1 (Awaiting official AV Signature). |
| Origin: |  United States |
| Date first seen: | 12/07/2006 10:33:42 |
| From: | "eBay Member: steven437304"<member@eBay.com> |
| Subject: | Question from eBay Member regarding Item #150003091945 |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
http://contac-ebay-com.land.ru/ws/eBayISAPIFES.dll.php.html |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
eBay eBay sent this message to Ernest Zarate (caphotodude).
Your registered name is included to show this message originated from eBay.
[1]Learn more.
[ltCurve.gif]
Question about Item -- Respond Now
[rtCurve.gif]
[s.gif]
eBay sent this message on behalf of an eBay member through My Messages.
Responses sent using email will go to the eBay member directly and will
include your email address.
[s.gif]
[s.gif]
[s.gif]
[s.gif]
Question from steven437304
[s.gif] [2]steven437304( [3]4)
[s.gif] Positive feedback: 100%
[s.gif] Member since: Jul-17-05
[s.gif] Location: CA, United States
[s.gif] Registered on: www.motors.ebay.com
[s.gif]
Item: brand new SONY ERICSSON W900 ([4]150003091945)
This message was sent while the listing was active.
steven437304 is a potential buyer.
[s.gif]
if i win can i do local pick up with cash? thnaks
Respond to this question
[s.gif]
[5]Respond Now
[s.gif]
Responses in My Messages will not include your email address.
Thank you,
eBay
[s.gif]
Details for item number: 150003091945
Item title: brand new SONY ERICSSON W900
Item URL:
[6]http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=150003091945&sspagenam
e=ADME:B:AAQ:US:1
End date: Wednesday, Jun 28, 2006 17:51:45 PDT
[s.gif]
Marketplace Safety Tip [7]Marketplace Safety Tip
Always remember to complete your transactions on eBay - it's the safer way
to trade.
Is this message an offer to buy your item directly through email without
winning the item on eBay? If so, please help make the eBay marketplace safer
by reporting it to us. These "outside of eBay" transactions may be unsafe
and are against eBay policy. [8]Learn more about trading safely.
[s.gif]
[s.gif]
Is this email inappropriate? Does it violate [9]eBay policy? Help protect
the Community by [10]reporting it.
[s.gif]
[s.gif]
[s.gif]
[s.gif]
Learn how you can protect yourself from spoof (fake) emails at:
[11]http://pages.ebay.com/education/spooftutorial
This eBay notice was sent to [12]ejzarate@comcast.net on behalf of another
eBay member through the eBay platform and in accordance with our Privacy
Policy. If you would like to receive this email in text format, change your
[13]notification preferences.
See our Privacy Policy and User Agreement if you have questions about eBay's
communication policies.
Privacy Policy: [14]http://pages.ebay.com/help/policies/privacy-policy.html
User Agreement: [15]http://pages.ebay.com/help/policies/user-agreement.html
Copyright © 2006 eBay, Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective
owners.
eBay and the eBay logo are registered trademarks or trademarks of eBay, Inc.
eBay is located at 2145 Hamilton Avenue, San Jose, CA 95125.
References
1. http://pages.ebay.com/help/confidence/name-userid-emails.html
2. http://feedback.ebay.com/ws/eBayISAPI.dll?ViewFeedback&userid=steven437304&sspagename=ADME:B:AAQ:US:2
3. http://feedback.ebay.com/ws/eBayISAPI.dll?ViewFeedback&userid=steven437304
4. http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=150003091945&sspagename=ADME:B:AAQ:US:1
5. http://contac-ebay-com.land.ru/ws/eBayISAPIFES.dll.php.html#?M2MContact&item=150003091945&requested=steven437304&qid=2540509155&redirect=0&sspagename=ADME:B:AAQ:US:2
6. http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=150003091945&sspagename=ADME:B:AAQ:US:1
7. http://pages.ebay.com/securitycenter
8. http://pages.ebay.com/securitycenter/selling_safely.html
9. http://pages.ebay.com/help/policies/rfe-unwelcome-email-misuse.html
10. http://cgi1.ebay.com/aw-cgi/eBayISAPI.dll?ReportEmailAbuseshow&reporteruserid=caphotodude&reporteduserid=steven437304&emaildate=2006/06/27:19:40:34&emailtype=0&emailtext=if+i+win+can+i+do+local+pick+up+with+cash%3F+thnaks&trackId=2540509155
11. http://pages.ebay.com/education/spooftutorial
12. mailto:ejzarate@comcast.net
13. http://cgi4.ebay.com/ws/eBayISAPI.dll?OptinLoginShow
14. http://pages.ebay.com/help/policies/privacy-policy.html
15. http://pages.ebay.com/help/policies/user-agreement.html