U.S. e-commerce site eBay searches for malware when accessing its website through a scanner
One of the areas of success despite the coronavirus crisis was e-commerce.
Because of distancing and containment measures, e-commerce benefits. Because people are using it more and more, not being able to go out as usual to do their shopping.Like Amazon, the e-commerce site eBay, it is one of the best known in the industry.
This article will also interest you: CoviD-19 and e-commerce: watch out for the online scam
Last week, several media outlets reported that the US e-commerce giant was scanning ports of terminals used by visitors to its website, with the aim of discovering remote access. Apparently, when the visitor accesses the site eBay.com, a script and automatically executed so as to perform promptly for an analysis of the local port of the terminals used at that time. This dubious analysis would then allow the site to detect software that allows remote assistance and access to users' computers. The scanned ports are partly remote access tools like TeamViewer, Windows, Ammy Admin, VNC. The executed scripts will scan more than 14 ports of the user's device connected to the site.
Among the first people to comment on the story of the American e-commerce giant's action, Jack Rhysider of DarkNetDiaries wrote on Twitter: "The website scans the port of my laptop, bypasses my firewall and does it from/near the browser. It looked at 14 ports." It is thanks to a script check.js that the scan of the ports is carried out. On his blog, the app developer named Dan Nemec commented on this fact, after he carried out several checks. It also carried out a verification of the script used not eBay, apparently its usefulness is to try to identify fraudulent acts via the terminals that connect to its platform. "This is an ingenious, even insidious technique that allows potential port scanners to slide directly into an internal network and scan it using JavaScript in the browser context," the developer wrote. "By the way, it's something that a browser extension could block, but the company behind the port scanner uses techniques to prevent the widespread blocking of its trackers," he adds.
When asked what this sweep might be used for, several hypotheses were made. First, there is the one concerning the distribution of advertising, then another hypothesis concerning the recovery of fingerprints to protect online purchases, but since the scan deals in particular with remote access programs, this is potentially due to the desire to check the computers used and ensure that they are not compromised when using them on the site. It seems that this is not a new thing. Indeed, already in 2016, several researchers discovered equipment that was controlled by TeamViewer remotely, equipment that was used to make purchases on eBay. this was quite simple for these remote manipulators when we know for example that it is easy for users to access the website through cookies. The consequence of these embezzlements was to empty the account PayPal of some victims, emptied of their money by making online purchases without their consent. And the worst part of all this is that these cyber-malicious actions were successful even though all the victims were using multi-factor authentication. We then better understand the gesture of American giant, which has the merit of being able to prevent this kind of cyber malice.
According to developer Nemec, eBay is not the only company or website has used this kind of security check to ensure that the person's computer is not a cyber-malicious tool. One expert commented on this by noting: "The check.cs is used in conjunction with snare.js, and eBay is not the only one to use it. I know for a fact that The Citi Bank Virtual Numbers app uses it. It would seem that many (most?) gambling and trading sites also use it," but he's worried: "Where is it going to end? Every trader could use it as a justification." Because in a way, there is no denying that this practice is still invasive and likely to be negative for users' privacy and security in the long run.
Now access an unlimited number of passwords:
