The JSF worm, discovered several weeks ago by Check Point specialists, has begun to attack eBay auction platform users. Although its owners do everything to neutralize the threat, they are not able to cope with it. And that means that auctioned listings can be dangerous for users.
A few weeks ago, Check Point cyber security experts discovered a bug called JSF that poses a threat to eBay auction site users and could put them at risk of hacking. Although the portal is trying to fight it and has even prepared a special update to deal with this problem, these actions do not bring the expected results.
JSF does not use a standard character set, which allows it to hide from the XSS filters used by eBay. So if a user goes to a hacked auction page, the malicious code will launch in his browser.
The site has prepared a patch to eliminate the threat but experts say it has not produced any results and visitors to the auction site are still being attacked. Most of the dangers are focused primarily on auto-site pages, and what is interesting is that a large proportion of crafted listings belong to users of the highly-trafficked portal, so it's difficult to detect them.