Fraudsters have exploited a flaw in the eBay web site that allows them to orchestrate phishing attacks using eBay's own Sign In page.
Registered users of eBay's popular online auction web site must sign in using a username and password in order to participate in bidding and listing of items. A new style of phishing attack reported through the Netcraft Toolbar community shows fraudsters exploiting flaws on the Sign In page and on another ancillary page, which results in victims being redirected to the fraudster's phishing site after they have logged in.
This particular attack starts off like many others, by sending thousands of emails that instruct victims to update their eBay account details by visiting a URL. However, that is where the similarity ends, because the URL in this case actually takes the victim to the genuine eBay Sign In page, hosted on signin.ebay.com. By including special parameters at the end of the URL, the fraudster has changed the behaviour of the Sign In page so that when a user successfully logs in, they will then be sent to the fraudster's phishing site via an open redirect hosted on servlet.ebay.com.
The eBay Toolbar reports that the maliciously modified Sign In page is a "Verified eBay Site". Conversely, the Netcraft Toolbar denies access to the modified page while still allowing access to genuine eBay Sign In pages.
The victim is more likely to trust the contents of the fraudster's site, because they have arrived there as a result of signing into eBay via a genuine eBay Sign In page. Because there is less reason to suspect anything is awry, the victim is more likely to surrender any sensitive details in the mistaken belief that they are really giving them to eBay.
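The underlying weakness in the chain described above is a post-login "return to" parameter that is honoured without checking where it points. The following is an added example (not eBay's code, and the parameter name and allow-listed hosts are assumptions) of the validation a sign-in page should apply before redirecting, rejecting off-site absolute URLs, scheme-relative URLs and backslash variants that browsers treat as off-site.

```python
from urllib.parse import urlsplit

# Constructed allow-list of hosts a post-login redirect may land on; the real
# eBay configuration is not part of the original article.
ALLOWED_HOSTS = {"signin.ebay.com", "www.ebay.com"}


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` is a site-relative path or an https URL
    on an allow-listed host. Everything else is rejected, so the Sign In page
    cannot be turned into an open redirect to a third-party site."""
    if not target or any(c in target for c in "\r\n\x00"):
        return False
    # Browsers treat a leading backslash like a forward slash, so normalise
    # before parsing; otherwise "/\evil.example" would parse as a local path.
    cleaned = target.replace("\\", "/")
    parts = urlsplit(cleaned)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: only https to a known host passes.
        # urlsplit's .hostname drops any userinfo and port and lowercases,
        # so "https://www.ebay.com@evil.example/" resolves to evil.example.
        if parts.scheme != "https":
            return False
        return (parts.hostname or "") in allowed_hosts
    # No scheme and no netloc: must be a plain site-relative path.
    return cleaned.startswith("/") and not cleaned.startswith("//")


def post_login_destination(requested: str, default: str = "/") -> str:
    """Choose where to send the user after a successful sign-in: the
    requested URL if it passes the check, otherwise the site's own default
    landing page (hypothetical parameter handling, not eBay's)."""
    return requested if is_safe_redirect(requested) else default
```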
The secret to one of the Internet's fastest-growing businesses can be found on a web server operated by Oversee.net, a little-known Los Angeles Internet marketing company. That single server houses more than 500K hostnames, all bearing web pages filled with pay-per-click advertisements from Google and Yahoo Search Marketing, and generating revenue for the owners of those domains.
Oversee operates Domain Sponsor, one of the largest players in the domain monetization industry. These services place pay-per-click ads on parked domains, optimize the sites to attract traffic, and split the resulting ad revenue with the domain owner. Their success has helped the domain resale market evolve from a speculative venture into an industry with a defined business model, which is now attracting considerable interest from venture capital firms.
Domain parking services use advanced analytics for ad matching and traffic building, and are efficient in their use of web hosting, packing thousands of domains on their servers. These operations have helped solidify the statistical leadership of open source hosting platforms, as nearly all are served by Apache web servers running on either Linux or FreeBSD.
EurID, the operator of the new .eu top-level domain (TLD), says registrars won't be allowed to sell .eu domains through resellers. In a statement on its web site, EurID says its agreement with the European Commission prohibits .eu sales by parties that haven't been approved by EurID. "This means that the offering of services as a 'reseller' ... is completely excluded," says the statement. While no firm date has been set, the launch of .eu domain sales is expected to begin in early 2006. Domain industry insiders say similar reseller bans are being considered for other upcoming TLDs, including the .xxx and .travel extensions.
Resellers are an important sales channel for many domain name registrars, who provide back-end management of the domains sold by partners. The reseller model is used by thousands of web hosting companies, allowing them to seamlessly sell domain names alongside their core hosting and e-mail offerings. Some registrars specialize in the reseller market, providing private-label domain management sites, which can be branded with the resellers' logo and marketing. One of the largest reseller networks is operated by eNom, which is among the registrars approved by EurID to sell .eu domains.
The web site for the World of Warcraft online game was unavailable for much of the day Tuesday, with many of its game servers offline for maintenance as well. The "virtual world" now has more than 3.5 million subscribers, including 1.5 million new paying customers from China. Users on numerous World of Warcraft servers have reported performance problems in recent weeks.
A dynamically updating chart of World of Warcraft's web site performance is available here.
The Mozilla Foundation site has been experiencing intermittent performance problems, which began early Sunday. Mozilla.org is the home of Firefox, the free web browser which has been downloaded nearly 75 million times. Version 1.0.6 of Firefox was released last week, but it's not clear whether the update contributed to Sunday's sluggish performance for the Mozilla.org site, which was slowed by heavy demand during the browser's launch last November. UPDATE: Mozilla reps say a software misconfiguration, rather than heavy traffic, was responsible for the site's performance problems (details here).
A dynamically updating chart of the Mozilla site's performance is available here.
The operator of the .name registry is offering a "free trial" on its domains, and appears to be encouraging registrars to mass-register .name URLs for existing customers. The Global Name Registry, which oversees .name, is limiting the freebie to a 60-day trial period, after which the registrant must pay for the name or return it to the registry. The promotion refines an Afilias promotion from last year offering introductory free pricing on .info domains, but places a shorter time frame (60 days versus one year) before the domain fees must be paid. "All Free Trial Names are registered in bulk, i.e. an ISP/Registrar can allocate a free trial name to each of its customers at no charge," the offer notes. eNom affiliate Sipence used the Afilias offer last year as an opportunity to bulk register 1 million .info domains for customers who owned the same name in .com or .net.
The .name promotion was the major pricing news in a month in which prices for a one-year .com name held steady across our list of domain sellers.