Sometimes browsing legitimate sites can also put users at risk. According to cybersecurity specialists, when visiting the official site of the e-commerce platform eBay (ebay.com), a script is executed that performs a local port scan on the user’s device in order to detect support and applications for remote access.
Many of the ports on computers are related to remote access and support tools, such as Ammy Admin, Windows Remote Desktop,TeamViewer, VNC, among others. After conducting a series of tests on the compromised site, specialists determined that ebay.com performs a scan of 14 different local ports on users’ computers.
Apparently, this scan task is performed using a check.js script present in eBay.com; this script attempts to connect to the following ports:
The fourteen different ports being scanned and their associated programs and eBay reference chain are listed below.
BleepingComputer specialists point out that it has not been possible to identify the target program at port 63333. However, it has been confirmed that the script performs the scan activity using WebSockets to connect to 127.0.0.0, which represents the local computer on the specified port.
Researchers who initially reported port scanning ensure that this activity does not occur when browsing the eBay site from a Linux system, on the other hand, when using Windows systems the scan occurs as reported. This could also be inferred by analyzing the searched tools, which are part of the Windows Remote Access Suite.
In this regard, eBay published a statement of a few lines: “Privacy and our customers’ data remain a priority. We are committed to creating an experience on our sites and services that is secure and reliable.”
DarkNetDiaries researcher Jack Rhysider mentions that this task is performed for marketing purposes, digital trail registration and even as a method of protecting against electronic fraud. Because port scanning only looks for Windows remote access programs, it will most likely be done to check for compromised computers that are used to make fraudulent purchases on eBay, the expert adds.
A few years ago, the cybersecurity community reported hundreds of cases in which the computers of some TeamViewer users were compromised through this tool for the purpose of making fraudulent purchases on eBay; many of the users of the trading platform use cookies to access their sessions automatically, so hackers were able to remotely control their accounts.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.