If you have ever bought or sold anything on eBay, you know how important seller ratings are. The rating system is based on a one- to five-star scale and is determined by the people you have completed transactions with; as usual, five stars is the highest and one star the lowest. Because business is conducted anonymously, the buyer can only depend on these ratings when taking the leap of faith of sending hard-earned money to a total stranger who may be sitting halfway across the globe.
Though eBay's sites offer practical and legitimate tips on how to boost one's seller rating, it is not surprising that scheming sellers still look for an easy, if unfair, way of gaming the rating system. After all, more stars virtually spell more sales.
The Register recently reported a scripting trick employed by malicious sellers on eBay.co.uk, purportedly to boost their own seller ratings. An auction for a 2007 Range Rover Sport HSE, a four-wheel-drive car usually valued at around 40,000 pounds, offers the vehicle for a curiously low 12,000 pounds. The seller named on the listing, an online jewelry seller, apparently holds "PowerSeller" status, meaning it has met certain eBay standards, including minimum average sales and, of course, the all-important honesty and timeliness.
Preying on the natural interest of people, eBay customers in particular, in anything that looks like a bargain, the listing draws the user to what appears to be a regular item page. The first sign that something is fishy? A suspicious pop-up from a page hosted in Russia.
Further analysis showed that this apparently regular eBay page contains an embedded tag pointing to a Shockwave (Flash) file, which in turn redirects the user to an .ASPX page in Russia. Further down the same site root are two other .ASPX pages linking to already completed vehicle auctions. So just when buyers think they are dealing with a reputable seller, they are in fact blindly doing business with sellers they cannot even identify.
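The tell-tale sign in this listing is a Flash object whose source lives on a host the marketplace does not control. The scanner below, an added example written for this post rather than code from The Register or Trend Micro, walks a listing's HTML, collects every `<object>`/`<embed>`/`<param name="movie">` that loads a .swf, and flags any whose host is not on an assumed allow-list (the `TRUSTED_HOSTS` set, the `attacker.example` host and the sample listing are all constructed for the demonstration, not taken from the real auction page).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list of hosts a legitimate eBay listing may load Flash from.
TRUSTED_HOSTS = {"ebay.co.uk", "ebay.com", "ebaystatic.com"}

FLASH_MIME = "application/x-shockwave-flash"


class EmbedScanner(HTMLParser):
    """Collects every URL the page hands to a Flash/Shockwave player."""

    def __init__(self):
        super().__init__()
        self.findings = []      # list of (url, declared MIME type or None)
        self._in_object = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "embed" and a.get("src"):
            self._record(a["src"], a.get("type"))
        elif tag == "object":
            self._in_object = True
            if a.get("data"):
                self._record(a["data"], a.get("type"))
        elif tag == "param" and self._in_object:
            # <param name="movie" value="..."> is the classic Flash source.
            if (a.get("name") or "").lower() in ("movie", "src") and a.get("value"):
                self._record(a["value"], None)

    def handle_endtag(self, tag):
        if tag == "object":
            self._in_object = False

    def _record(self, url, mime):
        self.findings.append((url, mime))


def is_flash(url, mime):
    """True if the resource is declared as Flash or has a .swf extension."""
    path = url.split("?", 1)[0].split("#", 1)[0].lower()
    return (mime or "").lower() == FLASH_MIME or path.endswith(".swf")


def is_trusted(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def scan_listing(html, page_host):
    """Return the off-site Flash embeds found in a listing (de-duplicated by URL)."""
    parser = EmbedScanner()
    parser.feed(html)
    alerts = {}
    for url, mime in parser.findings:
        if not is_flash(url, mime):
            continue
        host = (urlparse(url).hostname or "").lower()
        if host == "":
            host = page_host.lower()   # relative URL: served from the listing's own origin
        if not is_trusted(host) and url not in alerts:
            alerts[url] = {"url": url, "host": host}
    return list(alerts.values())


# Constructed sample: a same-origin photo gallery plus a 1x1 pixel Flash
# loader pulled from a third-party host, the pattern described in the post.
SAMPLE_LISTING = """
<html><body>
<h1>2007 Range Rover Sport HSE</h1>
<object type="application/x-shockwave-flash" data="/media/gallery.swf" width="400" height="300">
  <param name="movie" value="/media/gallery.swf">
</object>
<object width="1" height="1">
  <param name="movie" value="http://attacker.example/loader.swf">
  <embed src="http://attacker.example/loader.swf" type="application/x-shockwave-flash" width="1" height="1">
</object>
<embed src="http://attacker.example/banner.png" type="image/png">
</body></html>
"""

if __name__ == "__main__":
    for alert in scan_listing(SAMPLE_LISTING, "cgi.ebay.co.uk"):
        print("off-site Flash embed:", alert["url"], "(host:", alert["host"] + ")")
```

The scanner only looks at what the HTML declares; it does not fetch or execute the .swf, so a redirect chain like the one described above is not followed. That is deliberate: the point is to flag the listing before any third-party code runs, and the off-site host alone is enough to warrant a closer look.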
For now we can only guess whether this script serves any purpose beyond boosting seller ratings. Trend Micro is conducting its own investigation of the dubious files, and updates will be posted on this blog as soon as more information is available.