IB experts and journalists of Bleeping Computer discoveredThat the site ebay.com scans the local ports of visitors in search of applications for remote support and remote access. Many of these ports are associated with tools such as Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and so on.
Scanning is done using WebSockets to connect to 127.0.0.1. All 14 scanned ports and related programs are listed in the table below.
|Remote Desktop Protocol||Rdp||3389|
First to this oddity noticed A security specialist known as Nullsweep. He notes that if you open the site from a Linux machine, the scan is not performed. In general, this is logical, because all scanned programs are remote access tools for Windows.
Journalists at Bleeping Computer write that they first heard about a script that scans ports from a DarkNetDiaries specialist Jack Risider. He suggested that port scanning could be carried out for the purpose of advertising delivery, fingerprinting or to protect against fraud.
Most likely, the scan is actually carried out to detect compromised computers used for fraud on eBay. The fact is that back in 2016, attackers used TeamViewer to capture other people's cars, empty PayPal accounts and order goods with eBay and Amazon. Then it was even created special table to track such attacks.
The theory about the fight against fraudsters is confirmed by another IB expert, Dan Nemek, who recently wrote about the strange activity of eBay great stuff. Nemek traced the script used by the auction to the ThreatMetrix product, which was created by LexisNexis and is used to detect fraudsters. Although the eBay scanner, in fact, is looking for well-known and legitimate programs, in the past some of them were actually used as RATs in phishing campaigns.
Representatives of eBay limited themselves to a streamlined comment on this issue. So, to the question of Bleeping Computer journalists about scanning the ports of visitors in the company, the following were answered:
“The privacy and data of our customers are our top priority. We strive to create an atmosphere of security, convenience and reliability on our sites and services. ”