- Joined
- Jun 13, 2020
- Messages
- 7,018
- Reaction score
- 908
- Points
- 212
- Awards
- 2
Researchers noticed that when visiting the site eBay.com a special script "probes" the visitor's computer ports. Apparently, the popular online store is trying to detect active applications for remote access. Most eBay scanned ports are associated with popular tools used for remote access to a computer. Among them are Windows Remote Desktop, VNC, TeamViewer, Ammy Admin and others. Researchers found that a total of the online site checks 14 different ports. This process occurs every time you visit eBay.com, and a special script, check.js, takes direct part in it.
Port scanning is performed using WebSocket - the script connects to 127.0.0.1 using a specially defined port.
According to Nullsweep, whose team was the first to report the strange behavior of eBay.com, the website does not launch check.js when using the Linux system. Thus, we can conclude that the Internet site is only interested in remote access tools for Windows systems. Experts suggested that port scans were conducted to identify compromised computers that cybercriminals use to conduct fraudulent activities on eBay.com.
Nothing new, but now it's better not to use shit-socks / tunnels (as before aha
)
PS source - https://www.anti-malware.ru
Port scanning is performed using WebSocket - the script connects to 127.0.0.1 using a specially defined port.
According to Nullsweep, whose team was the first to report the strange behavior of eBay.com, the website does not launch check.js when using the Linux system. Thus, we can conclude that the Internet site is only interested in remote access tools for Windows systems. Experts suggested that port scans were conducted to identify compromised computers that cybercriminals use to conduct fraudulent activities on eBay.com.
Nothing new, but now it's better not to use shit-socks / tunnels (as before aha
)
PS source - https://www.anti-malware.ru
