
I've never been notified that my password was stolen over the past couple of years; however, when I started using the auctionsniper.com site I was notified by ebay that my account had been compromised and that they had changed my password, which required me to go through the maze of unblocking my account. I thought the same thing, maybe there was a correlation between the timing of starting auctionsniper and ebay; however, I had changed my password so I considered it good.

Once I synced my password, a week or so later, I was again notified by ebay that my account had been hacked again. Again, the timing of synching my auctionsniper account with ebay raised the question that the weak link is auctionsniper's site or the transfer process of account information. At this point the correlation between the two is too high, at least for me, to continue using auctionsniper.com.
I think you are probably wrong in your suspicion of Auction Sniper. I think what you noticed may be symptomatic of another problem entirely.

Logically, if Auction Sniper had been "broken" these forums would fill up with complaints. I believe they are totally secure and so do most users here.

Now undoubtedly, you have a problem and the most likely cause is to be found on your computer. My knowledge gives out here, so I hope a more knowledgeable member than I, can help you out.

I think there is a well known virus that specialises in copying your passwords and other "inner secrets". I would think you have a "Trojan" in your computer passing on your information to others.

My experiences with my first virus this past fortnight have shown me that you need about three different products to get rid of it entirely, as each one found my problem - in a different area!

Paul
JBear - Phising is...
http://en.wikipedia.org/wiki/Phising

Camera - thanks for your input.

The thought that the leak is on my machine did enter my mind as one of the possibilities. If so, I will flatten my box and install a new image in order to secure it; however, at this point I'm not sure the leak is local to my box.

I'm currently running ZoneAlarm (software) firewall, which includes Antivirus and Spy Ware detection (updated today and currently scanning). I'm also running a NAT'ed firewall, a locked host file to prevent known hacks from sending out information (if, they should get in); in addition to Pest Patrol and Ad Aware (both updated and scanning). I also log traffic in/out from my router; however, that is a lot of information to look through, at least for now.

Two other possible thoughts have crossed my mind:
1. Ebay is generating a false positive when AuctionSniper logs in on my behalf (from a different/multiple IP addresses) when they check on multiple auctions that I'm watching/bidding on. However, my knowledge of Ebay's security thresholds is limited. In some really odd conspiracy theory mentality, this could be a way for Ebay to force people to use their goofy internal max proxy bidding system <shrug>.

2. A Man-in-the-middle (MITM) attack...
http://en.wikipedia.org/wiki/Man_in_the_middle_attack
a. could be between user (me) and any other party between ebay or AuctionSniper.
b. could be between AuctionSniper and Ebay.
c. I've ruled out between me and Ebay (password never compromised when only these two parties are involved).

If AuctionSniper is secure, the most likely cause is touchy security thresholds at Ebay. The MITM attack takes a lot of knowledge and work. As for the Phising, I attempt to watch for signs of such issues (wrong/close domain, wrong cert, double prompt for passwords); however, I also surf through a paid Anonymizer.com site that filters bad content and phising sites. I understand there could also be a couple of other issues playing a role in this; however, all I can do is make assumptions (best practice or norm) with the unknowns.
Ah- K. That's pretty much what I figured, but I've never heard the term before.

Your conspiracy theory conclusion #1 is a little off though- in that the only way to use ebay is with their internal proxy bidding system. Yes you are forced to, period. Whether you snipe it manually, use a service like AS, put in your max bid four days early and wait or sit there putting in a new bid every time someone outbids you, you are still entering a number for ebay to bid up to on your behalf, even if it's only enough to hit the next bid increment. It may take days, or half a second, but that's how proxy bidding works. If you are winning (or losing) ebay auctions, then you are using their internal proxy bidding system- there's no way around it. I fail to see why it's goofy... how it could be improved?
Chad,

My thoughts are:

Fault finding is a logical science - providing that you don't change more than one variable at a time!

If you pull the ignition, the fuel supply and the fuel injection system simultaneously apart, then you are asking for confusion!


Firstly, in the short term abandon AS. Manually snipe if you have to.

Change your password.

Is your password stable? Does it last?

If the answer is no, then the problem lies elsewhere.

If the answer is yes, then after a month (no less, in case there are leads & lags elsewhere in the system) rejoin.

Firstly I would assume that you have a Trojan. Despite the faith you have in your anti-spyware products, I'm not as confident as you. The two you mention I have used and used to trust implicitly because they went about their work so impressively! What worried me was that they then found things the other had missed! So with efficiency at say 80% can you trust them?

I am now using Microsoft anti-spyware beta and, to tell the truth have not gone back to either Pest Patrol or Ad Aware. It is better at detecting intruders, certainly, than the other two. (not 100% I might add and that's why I have another anti virus program) I use Avast which seems pretty good at detecting things (the database updates automatically - or so it tells me - every couple of days.) It is also freeware (& not crippled either!)

Now so far so good - two programs alerted me simultaneously (a good sign) that a nasty was trying to download! Where they could not agree was where the originator was. I spent hours running this, then that, putting this & that into quarantine.

I then had a thought - I clicked on a tiny, tiny software programme called "Startup" by Mike Lin www.mlin.net. Bingo - discovered in one - a new .exe had added itself to my list in HKLM/run. I then could disconnect it from the startup directory and remove it manually the next time I started the computer.

So why didn't these "sophisticated" programs spot it? Not a clue. However you must know what is in your HKLM/run to start with - don't wipe out all the exes you might stop an essential function (like your mouse!) This little free program lists all the essential startup registry entries and all you do to stop something running is untick a box - much, much easier than ferreting in the registry with all the attendant risks that involves!

Good hunting. Remember nothing I have suggested will cost you money - only time!

Paul
quote:
Originally posted by Chad:
JBear - Phising is...
http://en.wikipedia.org/wiki/Phising


Surely it is phishing, a corruption of "fishing"?
Phising would be pronounced "fizing", and I have never heard it as such.

For interest, Googling:
Phising 538k hits
Phishing 68m hits.

The upshot is that it is not very nice, whatever you call it, to say the least.

Keep looking at what is in \Program files, \Startup, what processes are running (Task Mangler) and what is in the Registry - both current user and local machine, looking at startup and run items, and do a Google for anything you do not recognise.
quote:
I was notified by ebay that my account had been compromised and that they had changed my password, which required me to go through the maze of unblocking my account. I thought the same thing, maybe there was a correlation between the timing of starting auctionsniper and ebay; however, I had changed my password so I considered it good.

YOUR PASSWORD WASN'T STOLEN - YOU GAVE IT TO THEM!
I get these emails daily from 'ebay' - they're phishing emails too so looks like you gave them your details! AS stores your details in encrypted form - if they were losing passwords to hackers then there would be many, many more complaints. [Whenever I get an email from 'ebay' along those lines I send them to spoof@ebay.com - if they're legitimate then they'll let me know - so far NONE have been!]

Trojans? get yourself AVG Free and Ad Aware SE and do a one-off check HERE!

quote:
Keep looking at what is in \Program files, \Startup, what processes are running (Task Mangler) and what is in the Registry - both current user and local machine, looking at startup and run items, and do a Google for anything you do not recognise.
No need especially if you're not IT literate - let the software take the strain!

R2
quote:
Originally posted by region2:
YOUR PASSWORD WASN'T STOLEN - YOU GAVE IT TO THEM!
I get these emails daily from 'ebay' - they're phishing emails too so looks like you gave them your details! AS stores your details in encrypted form - if they were losing passwords to hackers then there would be many, many more complaints. [Whenever I get an email from 'ebay' along those lines I send them to spoof@ebay.com - if they're legitimate then they'll let me know - so far NONE have been!]
R2

Yep - quite right! I get about 10 phishing ebay and Paypal emails every week; they all go to spoof@ebay.co.uk, and like yours, they are never legitimate!
Here's one I got:

From: eBay SafeHarbor [mailto:aw-confirm@eBay.com]
Sent: 24 March 2006 02:18
To: R2@widget4U.co.uk (not really!!!)
Subject: Your account has been suspended

Dear eBay user:

We regret to inform you that your eBay account has been suspended due
to concerns we have for the safety and integrity of the eBay community.

Per the User Agreement, Section 9, we may immediately issue a warning,
temporarily suspend, indefinitely suspend or terminate your membership
and refuse to provide our services to you if we believe that your
actions may cause financial loss or legal liability for you, our users
or us. We may also take these actions if we are unable to verify or
authenticate any information you provide to us.

To speed up this process, you are required to verify your personal
information against the account registration data we have on file by
following the link below.

https://signin.ebay.com/ws/eBayISAPI.dll?Signin
<http://signin.ebay.com.mrcgi.info/ws/SignIn.html >

Due to the suspension of this account, please be advised you are
prohibited from using eBay in any way. This includes the registering of
a new account.

Please note that any seller fees due to eBay will immediately become
due and payable. eBay will charge any amounts you have not previously
disputed to the billing method currently on file.


Regards,

Safeharbor Department
eBay, Inc.

Note the link looks legitimate but the actual link it goes to is: http://signin.ebay.com.mrcgi.info/ws/SignIn.html
Note how the address isn't https but it looks vaguely correct. Go there and you'll be asked for your ebay Id and Password and voila - they've got you!

R2
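
The mismatch described in the post above (link text showing one address while the link really points to another) can be checked mechanically. This is an added example, not part of the original thread: the `TRUSTED` list, the function names and the HTML wrapper around the two quoted URLs are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the recipient really holds accounts with.
TRUSTED = ("ebay.com", "ebay.co.uk", "paypal.com")

def under(host, domain):
    """True only if host is the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_link(href, shown):
    """Return findings for one link; an empty list means nothing was flagged."""
    target, findings = urlsplit(href), []
    host = (target.hostname or "").lower()
    shown_host = urlsplit(shown).hostname if "://" in shown else None
    if shown_host and shown_host.lower() != host:
        findings.append("displayed host differs from real target")
    if shown.lower().startswith("https://") and target.scheme != "https":
        findings.append("text shows https but target is plain http")
    for domain in TRUSTED:
        # A trusted name used as a left-hand label of someone else's domain.
        if domain in host and not under(host, domain):
            findings.append(f"{domain} appears in host but is not the real domain")
    return findings

def audit_html(body):
    parser = LinkCollector()
    parser.feed(body)
    return {href: audit_link(href, shown) for href, shown in parser.links}

# Constructed HTML body reusing the two URLs quoted in the post above.
SAMPLE = ('<p>verify: <a href="http://signin.ebay.com.mrcgi.info/ws/SignIn.html">'
          'https://signin.ebay.com/ws/eBayISAPI.dll?Signin</a></p>'
          '<a href="https://signin.ebay.com/ws/eBayISAPI.dll?Signin">Sign in</a>')
```

`audit_html(SAMPLE)` returns three findings for the `mrcgi.info` link and none for the genuine sign-in address. The substring test is a heuristic and can also flag unrelated domains that merely contain a trusted name.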
quote:
YOUR PASSWORD WASN'T STOLEN - YOU GAVE IT TO THEM!
I get these emails daily from 'ebay' - they're phishing emails too so looks like you gave them your details
I get several "phishing" e-mails myself for ebay, paypal, and credit cards. Must admit, they look very legit. I think the universal KEY is skip down to see exactly what the e-mail is asking you to do. If it involves clicking on a link embedded in the e-mail -- DO NOT DO IT! IT IS SOMEONE TRYING TO GET YOUR ACCOUNT INFORMATION!!! (Although I must admit to occasionally going to the sites and filling in bogus info!)

An actual e-mail from any of those accounts will instruct you to go to their main website for further instructions.

Adding my 2 cents....
Next thing to be aware of is viewing images in emails that come from unknown sources - Outlook 2003 and Outlook Express let you turn off images (unless you want to see them) as, if the image is given a unique ID by the sender, then they can tell if you have downloaded it (i.e. viewed it) which confirms your address is 'live'. Do this a few times and your spam count will go wild!

R2
Here is a trick. Don't open the suspect email message. If you are using Outlook just click on the Message toolbar then select Block Sender.... for the next couple days you will get email that goes right to your trash.... unopened. Don't open it and then in a day or so there will not be any of the messages showing up there... I have done it with 25 or 30 junk email mails and then they never showed up again.... something about the sender seeing that you got the photo or whatever... the messages were not tagged as asking for a delivery receipt.
Sorry Ace - that's exactly what I was saying about the photos - with Outlook 2003 or Outlook Express you can choose to view your emails with images turned off (unless from a trusted source) and Outlook 2003 will filter them too (as you described). Thus, the sender gets no feedback and you're deleted from his/her database eventually. Until I realised the images trick I was getting swamped - now it's slowly fading away.

See [THIS]

R2
