YAeBT: WTF is up with these e-mails?

[DurocShark]

Does anybody else get these? They're "question for seller" e-mails, where someone is asking how much is shipping, getting a reply, and then replying to that message? I've been getting these off and on for like 2 months for old auctions.

Here's the text from one I just got:

Hi, please add another $19 for shipping to Missouri.
jczmtvwf-pqyj@yahoo.com wrote:
Hello, what is the shipping cost to British Columbia?

--------------------

Question from: shysiph
Title of item: This is brand new training for Encore DVD
Seller: eywashid
Starts: Jan-29-03 19:51:23 PDT
Ends: Feb-05-03 19:51:23 PDT
Price: Starts at $58.22
To view the item, go to: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=600623101


Visit eBay, The World's Online Marketplace TM at
http://www.ebay.com
Do you Yahoo!?
Yahoo! SitezBuilder - Free, easy-to-use web site desqign software

 

[PatboyX]

i get them a lot too. i posted about it but i dont think i got any repsonses.


so yeah
here is my thread
nothing from no one. but i was too lazy and tired to copy and paste an actual email.

hopefully someone could clue us in to how this benefits anyone...

 

[DurocShark]

Nobody has a clue?

 

[Ness]

Based on the BS random char. email address, I'd say this is some sort of scammer trying to pick up a few dollars here or there making people think that they have to pay extra shipping for auctions they've already won.

 

[PatboyX]

but its not like they really ask for anything...
i mean...
how would it work in anyones favor?

 

[Ness]

are you getting the whole message as if it was sent to someone else, or are you getting the message sent to you personally?

 

[shekondar]

Could be a virus sending out parts of somebody's old messages...

 

[luv2chill]

It's a scam of some sort. Cutting and pasting the e-mail here makes the URL look legit, but if you view the source of the e-mail you'll see that the link that supposedly points to ebay is actually pointing to somewhere else. The e-mail I just got is actually linking to port 9292 at 66.169.74.16 (a cable modem in Asheville, NC).

It may be a beacon to identify valid e-mail addresses for spammers, or some other deviant purpose. I dunno, but I too have been receiving those messages periodically for months.

l2c

 

[luv2chill]

Relevant post on USENET

Seems there is a few extra lines of code on that "fake" ebay page that execute a page.php script, which is actually encoded VB. This code creates a binary on your machine which then executes and then downloads a trojan executable called mstasks1.exe. Whether it's a phishing attempt or a virus/spyware thing, it is definitely dangerous. Don't click on URLs without making sure they lead to where they say they're leading!

l2c

 

[PatboyX]

Originally posted by: luv2chill
Relevant post on USENET

Seems there is a few extra lines of code on that "fake" ebay page that execute a page.php script, which is actually encoded VB. This code creates a binary on your machine which then executes and then downloads a trojan executable called mstasks1.exe. Whether it's a phishing attempt or a virus/spyware thing, it is definitely dangerous. Don't click on URLs without making sure they lead to where they say they're leading!

l2c

thanks!