Friday, December 29, 2006


There is a scammer's tool floating around the web that has been offered for sale to several ebaY users. This tool allows a scammer to access ALL user info through a utility ebaY uses to track all user information.

If you look at this link, you will see a page with ebaY seller information overlaid with the scammers SCO Helper program that allows the scammer to send second chance offers through ebaY's own system, to potential victims who have bid on the legitimate seller's items.
View Scam Tool Sample

Vladuz appears to be the person who wrote the program to break into the part of ebaY where all user information resides, and where it can be manipulated. He/She also appears to have authored "utilities" to exploit this open back door - such as the SCO Helper, that allows scammers to exploit second chance offers. As far as we can figure from online research, Vladuz is the online handle of a Romanian programmer/hacker, whose name pops up in relation to various scammer sites.

It is very possible that this ebaY function is what is being used by the scammers to post the BAPE auctions, and monitor email queries, replies and payments so they can reroute them. It is obvious that this information is readily accessible to the scammers, and that ebaY has not done anything to close the back door being used by the scammers.

For everyone wondering how scammers on ebaY manage to hijack accounts at will, this is the answer. ebaY says the scammers are getting the info due to ebaY users falling for phishing scams. That explanation let ebaY off the hook, but TAG never believed it, as it never made sense. In light of the BAPE scams - see this article -
it was definitely NOT falling for a phishing scam that exposed the user information of "Jack" or other tech savvy users who have contacted us since, with the same story. In the article we said that it appeared to have to be an insider with access to inside ebaY information. We now conclude that it may not be an ebaY insider, but instead an outsider, with complete access to all user account inside information.

If this is as it appears, ebaY is and has been aware of this wide open back door, and can't or won't do anything about it. We will update this on our website as more information becomes available.

Class action suit anyone?

An interesting note, is that since the earthquake on 26 Dec in Asia, cut off internet access to China and other Asian countries, the number of scams on ebaY has dropped drastically, as is easy to see by searching for BAPE Hoody listings.

Another note of interest is a reference to this tool that appeared on a Chinese Blog. The translation is done via the Google page translator, and as such is not the greatest - but it gives a good idea of what is going on. We have edited out a vulgar word or two - but the rest is as it appeared. Please take note of the dates!

Ebay fishing website procedures
Author : indifference boys Date : 2006-03-30
Small size of the Chinese University :

Classification tool backdoor procedure : "br/> Linux operating platforms :
Tools size : 29,103 Bytes
MD5 5de7108546dfdaeb6d06fb3e02ad2af4 documents :
Source : tools

Ebay fishing website procedures "br/>Readme file
Copyright 2004 vladuz
- Checks if cvv2. cc and pin are numeric only if they are long enough and in lenght. (3 cvv2 min. pin min 4 min 16 cc)
- After script deletes cookie completed tasks

Ebay scam turns v1.6 FINAL~ This scam is in many ways.
It does the following :

Http:// : identical login/sign-in page of 22,500 (the new one)

Index2.php : 1 : if _ _ _ user password are invalid. it will show the identical '[invalid. try again 'of England.
2 : if user/pass are valid. cc/cvv2/exp/real echo ask for the name and current address.
3 : it can check if a user/pass are valid or not.

Index3.php : 1 : Send email and redirect my home to 22,500
2 : Verify if all fields are filled in corectly.
You must have the following installed (this turns on Yahoo hosting files work (paid one))
1. Libcurl installed with PHP.
2. Some brain to configure it.
Configuration :
Open your password setup and index2.php
Open index3.php and setup your subject and email address.
Your email is where you get the emails with user/pass/cc/cvv2/name/exp-date/ip/date/time
Subject is the email subject
Your password is used for email verification or manual checks. For example, if you setuped your password as "vladuz" and you want to do a manual check for the user "a" pass with "b" you have to type this in the government payments are capped : index2.php?user=a&pass=b&pwd=vladuz
On manual verification (when using pwd=) Invalid! the file will either return or, if valid. it will return the user and pass (for copy/paste hehe)
Simple enough?
Well go there and the [expletives deleted]!
For ANY scam email me and I 'll do it in 30 hours max.
Study it, and refrain from doing bad things!
Member of the document only allows downloading! Download the registration |

No comments: