14). eBay - HTML.Phishing.Auction-60

This email targets customers of eBay.

Message Details

Malware Name:HTML.Phishing.Auction-60
Origin: United States
Date first seen:13/07/2006 04:30:38
Number seen:42
Date last seen:06/08/2006 23:40:16
From:"aw-confrim@ebay.com" <ebay@ebay.com>
Subject:*Oficial Updates From eBay InC. !!!

Attacker's URLs

The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.

The table shows the current status of the site: if it is still reachable (), or if it has been shut down (). If the site has not been confirmed as a phishing site it is shown with the symbol . The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the symbol.

StatusFirst observedShut DownInternet AddressURL
http://218.22.71.19/.ebay/ebay_usr/ISAPIdllSignIn
13/07/2006 04:32:08 United States 66.94.237.85 http://hostingprod.com/js_source/geov2.js   

Message Text

The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.

Message Display
Enlarge
How the message body looks in an email client.

   []

   [] Billing confirmation center

   [file:]

   []

   []

   []

   []

   [1]eBay Security Center 

   We were unable to process your most recent payment. Did you recently change
   your bank, phone number or credit card?.
   To ensure that your service is not interrupted, please update your billing
   information today [2]by clicking here. Or contact eBay Member Services Team.
   We're available 24 hours a day, 7 days a week.
   If you have recently updated your billing information, please disregard this
   message as we are processing the changes you have made.
   Regards,
   eBay Member Services Team
   Learn more about [3]selling with confidence.

   [x.gif]

   [x.gif]

   [x.gif]

   If this email is inappropriate or in any way violates eBay policy, please
   help  protect  other  eBay  community members by [4]reporting it to us
   immediately.

   [x.gif]

   [x.gif]

   [x.gif]
     _________________________________________________________________

   eBay treats your personal information with the utmost care, and our Privacy
   Policy is designed to protect you and your information. eBay will never ask
   their users for personal information, such as bank account numbers, credit
   card numbers, pin numbers, passwords, or Social Security numbers in an
   email. For more information on how to protect your eBay password and your
   account, please visit [5]User Account Protection.

   This eBay notice was sent to you based on your eBay account preferences and
   in  accordance with our [6]Privacy Policy. To change your notification
   preferences, [7]click here. If you would like to receive this email in text
   format, [8]click here.

              Copyright © 2005 eBay Inc. All Rights Reserved.
   Designated trademarks and brands are the property of their respective
                                  owners.
             eBay and the eBay logo are trademarks of eBay Inc.

   setstats 1

References

   Visible links
   1. http://pages.ebay.com/securitycenter/selling_safely.html
   2. http://218.22.71.19/.ebay/ebay_usr/ISAPIdllSignIn&pUserId=&co_partnerId=2&siteid=0&pageType=-1&pa1=&i1=-1&UsingSSL=1&bshowgif=0&favoritenav=&ru=&pp=&errmsg=8.html
   3. http://pages.ebay.com/securitycenter/selling_safely.html
   4. http://pages.ebay.com/help/policies/rfe-spam-non-ebay-sale.html
   5. http://pages.ebay.com/help/account_protection.html
   6. http://pages.ebay.com/help/community/png-priv.html
   7. http://cgi4.ebay.com/ws/eBayISAPI.dll?OptinLoginShow
   8. http://cgi4.ebay.com/ws/eBayISAPI.dll?OptinLoginShow

   Hidden links:
   9. http://pages.ebay.com/securitycenter/selling_safely.html

Additional Examples

Functions

Advice