Hackers used vulnerabilities in Firefox and Internet Explorer to create fake eBay listings and get users to bid on them, news agencies reported Monday.
The scam was not a new security threat, says Nichola Sharpe, a spokeswoman for eBay.
"Our online security experts are already aware of this and have identified it as a known bug in Firefox," Sharpe notes. "eBay utilizes sophisticated security technologies to protect our customers against attacks such as this. We continually update our security to deal with emerging threats and have done so with this threat."
eBay officials say all the fake listings have been taken down but warn that listings on other Web sites that accept content created by users may still be vulnerable.
No estimates were available on how many buyers were fooled into purchasing items from the fake listings.
Microsoft says the breach was not the result of weaknesses in its Internet Explorer browser.
"Our investigation has shown that it is not a vulnerability in Internet Explorer," notes Bill Sisk, Microsoft's manager of Security Response Communications. "In fact, the claim represents a method by which malicious attackers can exploit specific functionality in Web sites to bypass security measures. The nature of these attacks is not new and Web site operators commonly have protections in place to mitigate such attacks."
Firefox, which had almost twice as many weaknesses as Internet Explorer and Safari combined in 2008, according to browser vulnerability research by Secunia, is in the process of correcting its vulnerabilities.
According to Infopackets, a technology news source, scammers targeted Firefox by exploiting the way the browser implements XML binding language, or XBL.
"After the hacker had created an infected CSS (cascade-style sheet) on a third-party site, Firefox was tricked into allowing forbidden codes that led to fraudulent content on the listings," Infopackets reports.
Tracking the fraudulent listings was tough because item numbers changed every time the pages loaded, according to reports. This also made the listings appear to be "live." It took eBay more than 24 hours to remove one of the fake listings.
Auctiva staff writers constantly monitor trends and best practices of those selling on eBay and elsewhere online. They attend relevant training seminars and trade shows and regularly discuss the market with PowerSellers and other market experts.