Browsing legitimate sites can sometimes put users at risk too. According to cybersecurity specialists, visiting the official site of the e-commerce platform eBay (ebay.com) executes a script that performs a local port scan on the user’s device in order to detect remote support and remote access applications.
Many ports on a computer are associated with remote access and support tools such as Ammy Admin, Windows Remote Desktop, TeamViewer and VNC, among others. After conducting a series of tests on the compromised site, specialists determined that ebay.com scans 14 different local ports on users’ computers.
Apparently, this scan task is performed using a check.js script present in eBay.com; this script attempts to connect to the following ports:
The fourteen different ports being scanned and their associated programs and eBay reference chain are listed below.
BleepingComputer specialists point out that it has not been possible to identify the target program at port 63333. However, it has been confirmed that the script performs the scan by using WebSockets to connect to 127.0.0.0, which represents the local computer, on the specified port.
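As a defensive illustration of the behaviour described above, the following added example (not code from eBay, BleepingComputer or the researchers) wraps the browser's WebSocket constructor so that a page served from a remote origin cannot open sockets to the local machine, and records each attempt. The names `isLoopbackUrl` and `guardWebSocket` and the origin `shop.example` are assumptions made for the example.

```javascript
// Added example: helper names are hypothetical, not taken from any site or vendor.

// True when a URL (absolute, or relative to `base`) resolves to the local machine.
function isLoopbackUrl(rawUrl, base) {
  let host;
  try {
    host = new URL(rawUrl, base).hostname;
  } catch {
    return false; // unparsable: the real constructor will reject it anyway
  }
  // The URL parser has already canonicalised IPv4 forms such as 2130706433.
  host = host.toLowerCase().replace(/^\[|\]$/g, '').replace(/\.$/, '');
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  if (host === '::1') return true;                      // IPv6 loopback
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host); // whole 127.0.0.0/8 block
}

// Wrap a WebSocket constructor: a page not itself served from loopback may not
// open sockets to the local machine. Each refused attempt is passed to `report`.
function guardWebSocket(NativeWebSocket, pageOrigin, report) {
  const pageIsLocal = isLoopbackUrl(pageOrigin);
  return new Proxy(NativeWebSocket, {
    construct(target, args, newTarget) {
      const url = String(args[0]);
      if (!pageIsLocal && isLoopbackUrl(url, pageOrigin)) {
        report({ pageOrigin, url, port: new URL(url, pageOrigin).port });
        throw new Error('Blocked WebSocket to local machine: ' + url);
      }
      return Reflect.construct(target, args, newTarget);
    },
  });
}

// In a page context (constructed usage, must run before any site script):
//   window.WebSocket = guardWebSocket(window.WebSocket, location.origin, console.warn);
```

The reported `port` values give a defender the list of local ports a page tried to reach, which is the same information the researchers collected by hand.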
Researchers who initially reported the port scanning state that this activity does not occur when browsing the eBay site from a Linux system; on Windows systems, however, the scan occurs as reported. This could also be inferred from the tools being searched for, which are part of the Windows Remote Access Suite.
In this regard, eBay published a statement of a few lines: “Privacy and our customers’ data remain a priority. We are committed to creating an experience on our sites and services that is secure and reliable.”
DarkNetDiaries researcher Jack Rhysider mentions that this task is performed for marketing purposes, digital trail registration and even as a method of protecting against electronic fraud. Because the port scan only looks for Windows remote access programs, it is most likely done to check for compromised computers that are used to make fraudulent purchases on eBay, the expert adds.