eBay is port scanning users' PCs

(Image credit: Pixabay)

When users visit eBay's website from a Windows PC, the site runs a script that performs a local port scan of the device to detect if any remote support or remote access applications are running.

As reported by BleepingComputer, many of the ports scanned by the online auction site are used for remote access and remote support tools including Windows Remote Desktop, VNC, TeamViewer and more. Upon further testing, the news outlet discovered that eBay is performing a local port scan of 14 different point when users visit its site.

The scan is conducted by a check.js script on the website that attempts WebSocket connections to a number of ports such as 3389 (Microsoft remote desktop, 5931 (Ammy Admin remote desktop), 6333 (VNC remote connection 7070 (real Audio and Apple QuickTime streaming) and more.

Oddly enough, the port scans do not occur when a user running Linux visits eBay's website, though the programs being scanned for are all Windows remote access tools.

Fighting fraud

As it turns out, eBay is conducting port scans of Windows PCs in order to detect if a compromised computer is being used to make fraudulent purchases on the site.

Back in 2016, multiple reports emerged revealing that cybercriminals were taking over users' computers through TeamViewer to make fraudulent purchases on eBay. Since many of the site's users use cookies to automatically login, the attackers were able to control their computers remotely and access eBay to make purchases.

In a blog post, Dan Nemec explained how he discovered that the script being used for fraud detection is actually from a product called ThreatMetrix which is owned by LexisNexis. While the programs eBay scans for when users visit its site are all legitimate, some of them have previously been used as RATs in phishing campaigns.

Fighting fraud is very important for eBay but at the same time, port scanning is still intrusive for its users. TechRadar Pro reached out to the company for a statement regarding the matter but we did not hear back at the time of writing.

  • Also check out our complete list of the best VPN services

Via BleepingComputer

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.