This application requires Javascript for optimal performance.

HTML/EbayPhish.06BE!phish - Released Apr 25, 2006

Alias/es

HTML/EbayPhish.06BE-phish

Detection Availability

Active DatabaseExtended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

arrives as a suspicious mail disguising as an Ebay account notification.

Detailed Analysis

  • This detection is for a phishing mail disquising as an official notification from Ebay.

  • It contains the following sample message:
    "We regret to inform you that your Ebay account could be suspended if you don't reupdate your account information. To resolve this problem please visit link below and re-enter your account information."

  • The spammed mail contains a URL that indicates http://218 . 81. 122 . 239:180/r1/e/ which holds the site intended to compromise the user's personal information


  • Below is a sample screenshot of the spammed mail:

    • Recommended Action



      FortiGate systems:

    • check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed -- if required, enable the " Allow Push Update" option


      • FortiClient systems:

    • Quarantine/Delete infected files detected and replace infected files with clean backup copies


    Reference: ID - 151319