151). eBay - HTML.Phishing.Auction-111

This email targets customers of eBay.

Message Details

Malware Name: HTML.Phishing.Auction-111
Origin: Japan
Date first seen: 16/07/2006 17:21:04
Number seen: 34
Date last seen: 17/10/2006 06:53:45
From: "member@ebay.com" <member@ebay.com>
Subject: Message from eBay Member

Attacker's URLs

The following table shows the details of the URLs used by the attacker. These could be either the attacker's fake website or a site that redirects to it. Sometimes the attacker will use an additional site for hosting resources such as images.

The table shows the current status of the site: whether it is still reachable, has been shut down, or has not been confirmed as a phishing site. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attacker's site, as it may contain malware.

Status:
First observed: 16/07/2006 17:22:15
Shut Down: 17/07/2006 07:48:06
Internet Address: Belgium 196.211.17.234
URL: http://www.kinnor.co.za/~johan/cgi_bin/ws/ISAPIdllUPdate/ISAPIdllSignInpUserId=co_partnerId=siteid=0pageType=-1pa1=UsingSSL=1bshowgif=favoritenav=errmsg=8/index.html

Message Text

The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.

Message Display
How the message body looks in an email client.

   eBay sent this message!
   Your registered name is included to show this message originated from eBay.
   [1]Learn more.
   [hdrLeft_13x39.gif] Question from eBay Member -- Respond Now eBay
   [s.gif]
   eBay sent this message on behalf of an eBay member via My Messages.
   Responses sent using email will not reach the eBay member. Use the Respond
   Now button below to respond to this message.
   [s.gif]
   [s.gif]

   [s.gif]

   [s.gif]

                            Question from pellet8

   [s.gif]
   [s.gif] Activity with pellet8 (last 90 days):
   [s.gif] - I have bid on 0 items from pellet8
   [s.gif]
   [s.gif]
   [s.gif] [2]pellet8 ( [3]459 [iconYellowStar_25x25.gif] )
   [s.gif] Positive Feedback: 99.8%
   [s.gif] Member Since:      04-Oct-02
   [s.gif] Location:          CA, United States
   [s.gif] Registered On:     www.ebay.com
   [s.gif]

   Why did you contact the biders of my listing and told them that you are the
   real seIIer?
   I will report you to ebay.
   Respond to this question in My Messages.
                [4]Respond Now 

   [s.gif]
   [s.gif]
   [s.gif] Item Details
   [s.gif]
   [s.gif]
   Item number:  300004146401
   End date:     Jul-04-06 21:23:41 PDT
   [s.gif]
   [s.gif]
   View item description:
   [5]http://cgi.ebay.com/New-DELL-XPS-M1210-CoreDuo-2GHz-1G-100GB-256MB-Geforc
   e_W0QQitemyZ80208QQrdZ1QQcmdZViewItem
   [s.gif]
   Thank you for using eBay!
   [6]http://www.ebay.com/
   [s.gif]
   [s.gif]
   Marketplace Satety Tip [7]Marketplace Satety Tip
   If this message is an offer to seII an item without wlnnlng it on the eBay
   Web site (including seon chace Offers sent through My Messages) please do
   not respond to the sender. These external fransacfions are unsate and not
   covered by eBay purchase protection programmes.
   Never pay for your eBay item through instant wire trans services such as
   [8]Wetern Unlon or [9]MoneyGram. These payment methods are unsate when
   paying someone you do not know.
   [s.gif]
   [s.gif]
   Is this email inappropriate? Does it breach [10]eBay policy? Help protect
   the community by [11]reporting it.
   [s.gif]
   [s.gif]
   Learn how you can protect yourself from spoof (fake) emails at:
   [12]http://pages.ebay.co.uk/education/spooftutorial
   [s.gif]
   This eBay notice was sent to you on behalf of another eBay member through
   the eBay platform and in accordance with our Privacy Policy. If you would
   like to receive this email in text format, change your [13]notlticatlon
   preterences.
   [s.gif]
   See our Privacy Policy and User Agreement if you have questions about eBay's
   communication policies.
   Privacy Policy:
   [14]http://pages.ebay.co.uk/help/policies/privacy-policy.html
   User Agreement:
   [15]http://pages.ebay.co.uk/help/policies/user-agreement.html
   [s.gif]
   Copyright © 2006 eBay, Inc. All Rights Reserved.
   Designated trademarks and brands are the property of their respective
   owners.
   eBay and the eBay logo are registered trademarks or trademarks of eBay, Inc.

References

   Visible links
   1. http://pages.ebay.co.uk/help/confidence/name-userid-emails.html?fromFeature=My20eBay
   2. http://feedback.ebay.com/ws/eBayISAPI.dll?ViewFeedback&userid=pellet8&iid=300004146401&frm=284&ssPageName=VIP:feedback:1:us
   3. http://feedback.ebay.com/ws/eBayISAPI.dll?ViewFeedback&userid=pellet8&iid=300004146401&frm=284&ssPageName=VIP:feedback:1:us
   4. http://www.kinnor.co.za/~johan/cgi_bin/ws/ISAPIdllUPdate/ISAPIdllSignInpUserId=co_partnerId=siteid=0pageType=-1pa1=UsingSSL=1bshowgif=favoritenav=errmsg=8/index.html
   5. http://cgi.ebay.com/New-DELL-XPS-M1210-CoreDuo-2GHz-1G-100GB-256MB-Geforce_W0QQitemZ300004146401QQihZ020QQcategoryZ80208QQrdZ1QQcmdZViewItem
   6. http://www.ebay.com/
   7. file://localhost/var/pss/phishtank/data/.151/mime/msg-10178-1.html
   8. http://pages.ebay.co.uk/help/confidence/isgw-fraud-sending-payments.html?fromFeature=My%20eBay
   9. http://pages.ebay.co.uk/help/confidence/isgw-sending-payments.html
  10. http://pages.ebay.co.uk/help/policies/rfe-unwelcome-email-misuse.html?fromFeature=My%20eBay
  11. http://cgi1.ebay.co.uk/aw-cgi/eBayISAPI.dll?ReportEmailAbuseshow&reporteruserid=cliveninnes&reporteduserid=rhody1510&emaildate=2005/10/02:18:56:58&emailtype=1&emailtext=Are+you+still+loog+for+a+er+for+your+Case+Catalyst+software3F+++If+so%2C+is+will+Stenograph+be+aware+of+the+purchase%3F++I+do+not+want+to+have+to+pay+twice+for+the+software.%0D%0A%0D%0AThanks%21%21%21%0D%0A%0D%0APam&trackId=1308993619
  12. http://pages.ebay.co.uk/education/spooftutorial
  13. http://cgi4.ebay.co.uk/ws/
  14. http://pages.ebay.co.uk/help/policies/privacy-policy.html?fromFeature=My%20eBay
  15. http://pages.ebay.co.uk/help/policies/user-agreement.html?fromFeature=My%20eBay

   Hidden links:
  16. http://cgi.ebay.com/3-Xbox-360-Faceplates-E3-Zero-Hour-PGR-3-Autographed_W0QQitemZ8270029659QQcategoryZ122517QQrdZ1QQcmdZViewItem

Additional Examples