My Blog

The JSF worm attacks the users of the most popular auction platform

The JSF worm attacks the users of the most popular auction platform

The JSF worm, discovered several weeks ago by Check Point specialists, has begun to attack eBay auction platform users. Although its owners do everything to neutralize the threat, they are not able to cope with it. And that means that auctioned listings can be dangerous for users.

A few weeks ago, Check Point cyber security experts discovered a bug called JSF that poses a threat to eBay auction site users and could put them at risk of hacking. Although the portal is trying to fight it and has even prepared a special update to deal with this problem, these actions do not bring the expected results.

It should be explained here that JSF is an educational project created a few years ago by Martin Kleppe, which allows you to narrow down most JavaScript syntax to just six characters:,, (,),! And +. Check Point specialists have discovered, however, that a hacker can hide malicious code on the page by changing the standard JavaScript syntax to that used by JSF and place it in the product description field.

JSF does not use a standard character set, which allows it to hide from the XSS filters used by eBay. So if a user goes to a hacked auction page, the malicious code will launch in his browser.

The site has prepared a patch to eliminate the threat but experts say it has not produced any results and visitors to the auction site are still being attacked. Most of the dangers are focused primarily on auto-site pages, and what is interesting is that a large proportion of crafted listings belong to users of the highly-trafficked portal, so it's difficult to detect them.

Related Articles