When bringing up Ebay.com’s login screen, I get a notice from Avast that the connection with Ebay is aborted due to a redirector - “JD” or something like that. However, I am still able to get into Ebay.
Follow up scans with MalwareBytes and Avast full scan show nothing. Is this a false positive?
I am using Firefox, Win7 64bit and this has never happened before. From searching the net, it seems this was a problem for some folks at one time, though.
SSL expires soon
HTTP Strict Transport Security (HSTS) not enforced
HSTS header does not contain max-age
HSTS header does not contain includeSubDomains
HSTS header not prepared for preload list inclusion
Secure cookies not used
Vulnerable to cross-site attacks:
HttpOnly cookies not used
When HttpOnly cookies are not used, the cookies can be accessed on the client, which enables certain types of client-side attacks. The website configuration should be changed to enforce HttpOnly cookies.
EXPECTED:
[all set-cookie headers include ‘httponly’]
FOUND:
set-cookie (s): s HttpOnly;, set-cookie (dp1): dp1, set-cookie (ebay): ebay, set-cookie (nonsession): nonsession
Emails can be fraudulently sent: Lenient SPF filtering
Sender Policy Framework (SPF) record is too lenient as to which domains are allowed to send email on the domain’s behalf. This record should definitely not contain (+all) or (?all) mechanisms, as these allow any domain to send email posing as this domain. This record should preferably not use the (~all) mechanism, as this will still allow emails flagged as being from an invalid domain, but will still allow the message to be delivered. Best practice is to use (-all).
EXPECTED:
contains -all
FOUND:
contains ~all
DNS is susceptible to man-in-the-middle attacks:
DNSSEC records prevent third parties from forging the records that guarantee a domain’s identity. DNSSEC should be configured for this domain.
EXPECTED:
true
FOUND:
false
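The HSTS and cookie findings in the report above can be reproduced from response headers that have already been captured. This is an added example, not part of the thread or of the scanner that produced the report; the header values and the example.test domain are constructed, the finding strings are borrowed from the report, and the one-year minimum is the HSTS preload list's published requirement.

```python
# Constructed sample response headers; cookie names follow the report, values are invented.
SAMPLE_HEADERS = [
    ("Strict-Transport-Security", "max-age=300"),
    ("Set-Cookie", "s=CONSTRUCTED; Domain=.example.test; Path=/; HttpOnly"),
    ("Set-Cookie", "dp1=CONSTRUCTED; Domain=.example.test; Path=/"),
    ("Set-Cookie", "ebay=CONSTRUCTED; Domain=.example.test; Path=/"),
    ("Set-Cookie", "nonsession=CONSTRUCTED; Domain=.example.test; Path=/; Secure"),
]
PRELOAD_MIN_AGE = 31536000  # one year, the minimum the preload list accepts

def parse_directives(value):
    """Split 'a=1; Flag; b=2' into {'a': '1', 'flag': '', 'b': '2'} (names lowercased)."""
    out = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            out[name.lower()] = val.strip().strip('"')
    return out

def audit_hsts(headers):
    """Return the report-style HSTS findings for a list of (name, value) headers."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return ["HSTS not enforced"]
    d = parse_directives(values[0])  # RFC 6797: only the first HSTS header is processed
    findings = []
    age = d.get("max-age", "")
    if not age.isdigit():
        findings.append("HSTS header does not contain max-age")
    if "includesubdomains" not in d:
        findings.append("HSTS header does not contain includeSubDomains")
    if not (age.isdigit() and int(age) >= PRELOAD_MIN_AGE
            and "includesubdomains" in d and "preload" in d):
        findings.append("HSTS header not prepared for preload list inclusion")
    return findings

def audit_cookies(headers):
    """Return {cookie_name: [missing flags]} for cookies lacking HttpOnly or Secure."""
    missing = {}
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        first, _, attrs = v.partition(";")
        name = first.split("=", 1)[0].strip()
        flags = parse_directives(attrs)
        lacking = [f for f in ("HttpOnly", "Secure") if f.lower() not in flags]
        if lacking:
            missing[name] = lacking
    return missing
```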
I just tried the Ebay login with Internet Explorer, and Avast put an item in the Virus Chest… I deleted immediately. I am running a boot scan for safety's sake.
Also tried it on a second machine - Avast ids the threat as before.
Wonder what is going on? Hard to believe the Ebay login is infected and there is no word about it…
Hopefully an avast team member will come to this thread and give the detection or FP the final verdict.
The detection for “Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold”
is a generic IDS detection, the code is running longer than expected max run-time,
and that is always somewhat alarming.
As you can see, it says in the unpacker javascript evaluation SUSPICIOUS,
so that does not mean malicious per se.
So bide your time until to-morrow as it is near a quarter past eleven in the evening here in old Europe.
EBay infested, would fill some news line on the security forums.
Hope, that is not so and that it is only a glitch in the code.
Have a nice day from here near Rotterdam some 20 kilometers from the North-Sea coast,
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
I deleted immediately. I am running a boot scan for safety's sake.
Why boot scan?
Boot scan does not give any better detection, it is the same engine and signatures that run. It is a tool meant to be used if you have problems removing an infection.
I just tried the Ebay login with Internet Explorer, and Avast put an item in the Virus Chest... I deleted immediately.
So now you can't send it to avast lab for analysis.
Why the rush to delete quarantined items?
As I added there “Do not panic”, everything is under control and soon it will be clear if it is code to be quarantined (and then inside the chest, it cannot do any harm like someone jailed) or it is indeed not the real McCoy and a false positive, and all can give a sigh of relief.
I removed it to get it off my system… I have not had a virus in the past 15 years and thought removal was best.
I did the boot scan to be absolutely sure there was nothing on my PC. I always thought the boot scan was the most thorough. Thanks for your advice.
It is strange that Avast says that the connection to Ebay is aborted, but I can still log on. So the connection is not cut.
Also, I note that if I clear the notification in Avast the warning does not re-appear. However, if I reboot and then start over, then the warning will re-appear.
I wish I knew what is going on here… although others have faced this in the past, there is no other current discussion of this anywhere and I have been an Ebay user for many years with no problems. No clue as to what to do with my Ebay listing as I am afraid to log on.
JS:Redirector-BKG [Trj] was already disabled yesterday, but I am strongly against using obfuscated scripts. Minified scripts are ok, but this specifically was bloated to avoid detection of redirection.
I tried it on a new computer with Avast and it turned up the same warning about this same Redirect.
Is this a false positive?
I was able to log on to ebay and conduct business as usual but I’m somewhat worried about this. I ran Malwarebytes, SuperAntiSpyware, a number of other stand alone scanners such as Viper Rescue. Nothing. And Avast other than this warning showed nothing when I did the suggested scan included with the warning.
Someone please reply. I’m new here and never posted before. I noticed others on the internet reporting the exact same problem when signing in to ebay.