内容简介:When visiting the eBay.com site, a script will run that performs a local port scan of your computer to detect remote support and remote access applications.Many of these ports are related to remote access/remote support tools such as the Windows Remote Des
When visiting the eBay.com site, a script will run that performs a local port scan of your computer to detect remote support and remote access applications.
Many of these ports are related to remote access/remote support tools such as the Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and more.
After learning about this, BleepingComputer conducted a test and can confirm that eBay.com is indeed performing a local port scan of 14 different ports when visiting the site.
This scan is being conducted by a check.js script [ archived ] on eBay.com that attempts to connect to the following ports:
The fourteen different ports that are scanned and their associated programs and eBay reference string is listed below.
| Program | Ebay Name | Port |
|---|---|---|
| Unknown | REF | 63333 |
| VNC | VNC | 5900 |
| VNC | VNC | 5901 |
| VNC | VNC | 5902 |
| VNC | VNC | 5903 |
| Remote Desktop Protocol | RDP | 3389 |
| Aeroadmin | ARO | 5950 |
| Ammyy Admin | AMY | 5931 |
| TeamViewer | TV0 | 5939 |
| TeamViewer | TV1 | 6039 |
| TeamViewer | TV2 | 5944 |
| TeamViewer | TV2 | 6040 |
| Anyplace Control | APC | 5279 |
| AnyDesk | ANY | 7070 |
BleepingComputer has not been able to identify the targeted program on port 63333. If you recognize it, please let us know.
The script performs these scans using WebSockets to connect to 127.0.0.1, which is the local computer, on the specified port.
According to Nullsweep, who first reported on the port scans, they do not occur when browsing the site with Linux.
Once they tested in Windows, though, the port scans occurred.
This makes sense as the programs being scanned for are all Windows remote access tools.
Likely done to detect hacked computers
As the port scan is only looking for remote access programs, it is most likely being done to check for compromised computers used to make fraudulent eBay purchases.
In 2016, reports were flooding in that people's computers were being taken over through TeamViewer and used to make fraudulent purchases on eBay.
As many eBay users use cookies to automatically login to the site, the attackers were able to remote control the computer and access eBay to make purchases.
It got so bad that one person created a spreadsheet to keep track of all the reported attacks. As you can see, many of them reference eBay.
These port scans are still intrusive and not something that many users would want to happen when visiting a site.
BleepingComputer has contacted eBay about this port scan but has not heard back at this time.
Update 5/25/20: Updated article with correct attribution.
Related Articles:
TeamViewer Stops Commercial Use Checks in Coronavirus-Affected Regions
以上所述就是小编给大家介绍的《eBay port scans visitors' computers for remote access programs》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!
猜你喜欢:
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
网站入侵与脚本攻防修炼
逍遥 / 2008-9 / 59.00元
《网站入侵与脚本攻防修炼》从“攻”、“防”两个角度,通过现实中的入侵实例,并结合原理性的分析,图文并茂地展现网站入侵与防御的全过程。全书共分8章,系统地介绍网站入侵的全部过程,以及相应的防御措施和方法。其中包括网站入侵的常见手法、流行网站脚本入侵手法揭密与防范、远程攻击入侵网站与防范、网站源代码安全分析与测试等。《网站入侵与脚本攻防修炼》尤其对网站脚本漏洞原理进行细致的分析,帮助网站管理员、安全人......一起来看看 《网站入侵与脚本攻防修炼》 这本书的介绍吧!
