Information security experts and journalists at Bleeping Computer found that the site ebay.com scans the local ports of visitors in search of applications for remote support and remote access. Many of these ports are associated with tools such as Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and so on.
eBay performs the scan with the check.js script (archive copy), which tries to connect to a set of local ports. The scan uses WebSockets to connect to 127.0.0.1. All 14 scanned ports and related programs are listed in the table below.
The first to notice this oddity was a security specialist known as Nullsweep. He notes that if you open the site from a Linux machine, the scan is not performed. This makes sense, because all of the scanned programs are remote access tools for Windows.
Journalists at Bleeping Computer write that they first heard about the port-scanning script from Jack Rhysider of Darknet Diaries. He suggested that the port scanning could be carried out for ad delivery, fingerprinting, or fraud protection.
Most likely, the scan is actually carried out to detect compromised computers used for fraud on eBay. Back in 2016, attackers used TeamViewer to take over other people's machines, empty PayPal accounts and order goods from eBay and Amazon. A special table was even created at the time to track such attacks.
The anti-fraud theory is confirmed by another information security expert, Dan Nemec, who recently wrote at length about eBay's strange activity. Nemec traced the script used by the auction site to the ThreatMetrix product, which was created by LexisNexis and is used to detect fraudsters. Although the eBay scanner is essentially looking for well-known and legitimate programs, in the past some of them were actually used as RATs in phishing campaigns.
eBay representatives limited themselves to a boilerplate comment on the matter. Asked by Bleeping Computer journalists about the scanning of visitors' ports, the company replied:
“Confidentiality and the data of our customers are our top priority. We strive to create an atmosphere of security, convenience and reliability on our sites and services.”
© https://xakep.ru/2020/05/26/ebay-scaner/
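The scan described above works by opening WebSockets to 127.0.0.1, so it can be observed or refused by wrapping the page's `WebSocket` constructor. The following is an added example, not code from the article, check.js or ThreatMetrix; the function names, the stub class and the sample URLs are assumptions made for illustration.

```javascript
// Added example: record (and optionally refuse) page-script WebSocket
// connections to the local machine. All names here are hypothetical.

// True when a ws:/wss: URL points at loopback. The URL parser normalises
// IPv4 spellings for ws/wss, so "127.1" and "2130706433" become "127.0.0.1".
function isLoopbackTarget(rawUrl) {
  let u;
  try { u = new URL(String(rawUrl)); } catch { return false; }
  if (u.protocol !== "ws:" && u.protocol !== "wss:") return false;
  const host = u.hostname.toLowerCase();
  return host === "localhost" || host.endsWith(".localhost") ||
         host === "[::1]" || /^127(\.\d{1,3}){3}$/.test(host);
}

// Replace scope.WebSocket with a proxy that reports loopback attempts to
// onAttempt and, when block is true, throws instead of connecting.
function guardWebSocket(scope, onAttempt, block = true) {
  scope.WebSocket = new Proxy(scope.WebSocket, {
    construct(target, args, newTarget) {
      if (isLoopbackTarget(args[0])) {
        const u = new URL(String(args[0]));
        const port = Number(u.port) || (u.protocol === "wss:" ? 443 : 80);
        onAttempt({ host: u.hostname, port });
        if (block) throw new Error("loopback WebSocket blocked: " + u.host);
      }
      return Reflect.construct(target, args, newTarget);
    },
  });
}

// Constructed demo: a stub stands in for the browser's WebSocket, and the
// URLs are sample values (3389 and 5900 are the usual RDP and VNC ports),
// not the port list from check.js.
function runDemo() {
  class StubWebSocket { constructor(url) { this.url = url; } }
  const scope = { WebSocket: StubWebSocket };
  const attempts = [];
  guardWebSocket(scope, (a) => attempts.push(a));
  const urls = ["ws://127.0.0.1:3389", "wss://localhost:5900",
                "ws://2130706433:5900", "wss://example.com/feed"];
  let opened = 0;
  for (const url of urls) {
    try { new scope.WebSocket(url); opened++; } catch { /* blocked */ }
  }
  return { attempts, opened };
}
```

In a browser the guard only sees the site's connections if `guardWebSocket(window, console.warn)` runs in the page's own JavaScript context before the site's scripts load.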