15). eBay - HTML.Phishing.Auction-143
This email targets customers of eBay.
Message Details
| Malware Name: | HTML.Phishing.Auction-143 |
| Origin: |  United States |
| Date first seen: | 13/07/2006 06:00:26 |
| Number seen: | 31 |
| Date last seen: | 10/01/2007 16:01:47 |
| From: | "eBay member: amritpal2004" <member@eBay.com> |
| Subject: | Re: Question about payment for item: #8812386909 DELL PRECISION M20 LAPTOP BRAND NEW BOXED!!! NO RESERVE |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
http://www.google.com/pagead/iclk | ||||
|
13/07/2006 16:14:10 | 16/07/2006 19:28:22 | 71.249.187.180 |
http://www.cardio-physis.com/aspnet_client/system_web/1_1_4322/index.html | |
|
http://63.225.106.33/Sign |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
[1]Learn more.
[hdrLeft_13x39.gif] Response to Question about Item -- Respond Now eBay
[s.gif]
eBay sent this message on behalf of an eBay member via My Messages.
Responses sent using email will go to the eBay member directly and will
include your email address. Click the Respond Now button below to send your
response via My Messages.
[s.gif]
[s.gif]
[s.gif]
Response from amritpal2004
[s.gif] [2]amritpal2004( [3]29 [iconYellowStar_25x25.gif] )
[s.gif] Positive Feedback: 100%
[s.gif] Member Since: Nov-09-04
[s.gif] Location: West Midlands, United Kingdom
[s.gif] Registered On: www.ebay.co.uk
[s.gif]
Item: DELL PRECISION M20 LAPTOP BRAND NEW BOXED!!! NO RESERVE
([4]8812386909)
This message was sent while the listing was active.
amritpal2004 is the seller.
[s.gif]
Hello, Money was sent to you.Please e-mail me as soon as possible because I
want to know when I receive my package. Thank you, pleighty Regards
Respond to this question in My Messages.
[5]Respond Now
[s.gif]
[s.gif]
[s.gif] Item Details
[s.gif]
[s.gif]
Item name: DELL PRECISION M20 LAPTOP BRAND NEW BOXED!!! NO RESERVE
Item number: 8812386909
End date: Jun-07-06 14:08:13 PDT
[s.gif]
[s.gif]
[s.gif]
[s.gif]
Marketplace Safety Tip [6]Marketplace Safety Tip
Always remember to complete your transaction on eBay - it's the safer way to
buy.
Please do not offer to buy or sell this item through this form without
completing the transaction on eBay. If you receive a response inviting you
to transact outside of eBay, you should decline -- such transactions may be
unsafe and are against eBay policy.
[s.gif]
[s.gif]
Is this email inappropriate? Does it violate [7]eBay policy? Help protect
the community by [8]reporting it.
[s.gif]
This email appears in the language of the eBay site where you are
registered.
[s.gif]
Learn how you can protect yourself from spoof (fake) emails at:
[9]http://pages.ebay.com/education/spooftutorial
[s.gif]
Change your [10]notification preferences.
[s.gif]
See our Privacy Policy and User Agreement if you have questions about eBay's
communication policies.
Privacy Policy: [11]http://pages.ebay.com/help/policies/privacy-policy.html
User Agreement: [12]http://pages.ebay.com/help/policies/user-agreement.html
[s.gif]
Copyright © 2006 eBay, Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective
owners.
eBay and the eBay logo are registered trademarks or trademarks of eBay, Inc.
eBay is located at 2145 Hamilton Avenue, San Jose, CA 95125.
[home;tile=1;sz=1x1;ord=979237602?] [s.gif]
References
1. http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu-FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P____8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4&num=5&adurl=http://www.cardio-physis.com/aspnet_client/system_web/1_1_4322/index.html
2. http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu-FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P____8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4&num=5&adurl=http://www.cardio-physis.com/aspnet_client/system_web/1_1_4322/index.html
3. http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu-FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P____8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4&num=5&adurl=http://www.cardio-physis.com/aspnet_client/system_web/1_1_4322/index.html
4. http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu-FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P____8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4&num=5&adurl=http://www.cardio-physis.com/aspnet_client/system_web/1_1_4322/index.html
5. http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu-FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P____8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4&num=5&adurl=http://www.cardio-physis.com/aspnet_client/system_web/1_1_4322/index.html
6. http://pages.ebay.com/securitycenter
7. http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu-FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P____8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4&num=5&adurl=http://www.cardio-physis.com/aspnet_client/system_web/1_1_4322/index.html
8. http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu-FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P____8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4&num=5&adurl=http://www.cardio-physis.com/aspnet_client/system_web/1_1_4322/index.html
9. http://pages.ebay.com/education/spooftutorial
10. http://cgi4.ebay.com/ws/eBayISAPI.dll?OptinLoginShow
11. http://pages.ebay.com/help/policies/privacy-policy.html
12. http://pages.ebay.com/help/policies/user-agreement.html
Additional Examples