amenex Posted February 28, 2004 Share Posted February 28, 2004 Hello SpamCop Mail ! Those eBay spoofs just keep coming like the Energizer Bunny. Today I got one that simply asked me to click on a URL that looked like this: http://ebay.resolve.at ... nothing more. I did not go to that site. However, when I started to forward the offending spam to spoof[at]eBay.com from my SpamCop webmail page, as soon as I finished entering the eBay email address in the To: field, A small term, "expanding" popped up to the right of that field, and then a small popup window exclaimed, "cannot expand." The window was labelled "java scri_pt application" or something to that effect. So I clicked off the javacript button in my Mozilla preferences. Same thing happened again. So I stopped Mozilla and started it again. Same popups. Then I shut off my PC running W98SE and, guess what ? With the "enable java" box still not checked the same behavior occurred again. I am running Norton AV and FW. No dire warnings ... Note that I did expand the offending email so as to copy and paste the complete message source into the text above the forwarded email. Was there some nasty java scri_pt in there, I wonder ? Here's the portion of the message source that was below the headers. It was X-matched to a Verizon IP address. I'm quoting it here 'cuz it's short: ------------------------------------------------------------------------------- Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Dear eBay member, Your account has been Suspended/Locked for some security issues. If you feel = this is an error or would like to view these issues please review the link = below. Your security issues cannot be resovled through E-mail. To resolve this = matter please go here, eBay Security Center: http://ebay.resolve.at Sincerely, eBay SafeHarbor Security Team Copyright =A9 1995-2004 eBay Inc. All Rights Reserved. --1ca0eac5-50ef-46cd-a894-021cb350809b-- ------------------------------------------------------------------------------- The "expanding" message and the "cannot expand" popup never happened to me before. Is this normal ? I have only just started to use Mozilla, as Netscape 4.72 just crashed too often on unfriendly java scri_pt. It's the latest Mozilla. What bothers me most is that I'm seeing a java scri_pt error message when I do not have java enabled. Looks sinister indeed. I apologize if this turns out simply to be a Mozilla feature. Best regards, George Langford (amenex) amenex[at]amenex.com Link to comment Share on other sites More sharing options...
Jeff G. Posted February 28, 2004 Share Posted February 28, 2004 Webmail is able to expand spoof[at]ebay.com just fine for me. Please test this with a blank email, trying to expand each address you're adding to Webmail, one at a time. Thanks! Link to comment Share on other sites More sharing options...
Wazoo Posted February 28, 2004 Share Posted February 28, 2004 Use of the java buttons on your browser should have no bearing on the simple act of inputting an e-mail address, so I have to suggest that there's something left out of your trouble depiction. (another note: java and java scri_pt are not the same thing.) That you say you expanded the spam, but then ask if there might have been an included java scri_pt actionseems also lacking .. if you'd have scrolled down in the just pasted text, you should have been able to see the scripting code, if it was present. As JeffG has already indicated, just popping the spoof address into the To: line doesn't seem to trigger anything .. maybe you'd want to try this all over again and see just when / where things happen .. like putting the address in before pasting the spam for instance ...??? And the fact that hitting the offered link tries to take me to members.aol.com and makes a couple of calls to www.has.it means what? To me, it sure as hell isn't e-bay .... snippet from SamSpade's GET; </HEAD> <!-- frames --> <FRAMESET ROWS="100%,*" FRAMEBORDER="no" FRAMESPACING="0"> <FRAME NAME="REDIRECTION_MAIN" SRC="http://members.aol.com/Mavrick26772/ebay.htm" MARGINWIDTH="0" MARGINHEIGHT="0" SCROLLING="auto" FRAMEBORDER="0"> <FRAME NAME="AD_BOTTOM" SRC="/ad.html" MARGINWIDTH="0" MARGINHEIGHT="0" SCROLLING="auto" FRAMEBORDER="0"> </FRAMESET> <NOFRAMES> Click <a href="http://members.aol.com/Mavrick26772/ebay.htm">here</a> to enter the eBay Security Center website. </NOFRAMES> Trace ebay.resolve.at (64.235.234.138) Mzima Networks, Inc. NETBLK-MZIMA-01 (NET-64-235-224-0-1) 64.235.224.0 - 64.235.255.255 Lunarpages MZIMA01-CUST-LUNARPAGES (NET-64-235-234-0-1) 64.235.234.0 - 64.235.234.255 OrgName: Lunarpages OrgID: LUNAR Address: 14730 Beach Blvd. Suite 102 Address: IP Management Department City: La Mirada StateProv: CA PostalCode: 90638 Country: US NetRange: 64.235.234.0 - 64.235.234.255 CIDR: 64.235.234.0/24 NetName: MZIMA01-CUST-LUNARPAGES NetHandle: NET-64-235-234-0-1 Parent: NET-64-235-224-0-1 NetType: Reassigned NameServer: NS1.LUNARPAGES.COM NameServer: NS2.LUNARPAGES.COM Comment: RegDate: 2002-12-19 Updated: 2002-12-19 AbuseHandle: LUNAR1-ARIN AbuseName: Lunarpages Abuse AbusePhone: +1-714-521-8150 AbuseEmail: abuse[at]lunarpages.com Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.