Wednesday, August 02, 2006

But Of Course It's a Pleasant Transaction

A great example of automated bots attacking eBay's core trust-establishing process, the feedback provided by users, which takes advantage of the wisdom of crowds to judge its truthfulness:

"Again, a sharp eye may notice that feedback comments received from sellers are identical, and read almost in the same order. This is because most 1-cent-plus-no-delivery-cost sellers automate the whole transaction: should someone buy their eBooks for one cent each, some scripts email it automatically to the buyer, and leave a standard feedback comment on the buyer’s profile. So, if we recollect everything, the following is probably happening:

1. Someone is massively creating randomly named, fake user accounts (probably in a more or less automated fashion).
2. Those fake users, powered by automated web spider software, are set to scavenge eBay for 1-cent "buy it now" items and buy them.
3. Automatically, the 1-cent item seller script is emailing the buyer with the item, and posts its standard feedback on his profile.
4. The fake user automatically responds with a standard feedback comment on the seller’s profile.

In a nutshell: Two bots are talking. And doing business."
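The tell the quoted passage points out (identical seller comments arriving in almost the same order on accounts that buy only 1-cent items) can be checked mechanically. The following Python sketch is an added example, not code from the original post or from eBay; the account names, sellers, comments and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample data (not real eBay records): the templated comment each
# automated 1-cent seller leaves on every buyer's profile.
TEMPLATES = {
    "ebooks4u": "Great buyer, fast payment! A+++",
    "pennyreads": "Pleasant transaction, thank you.",
    "1c_guides": "Quick payment, recommended eBayer",
    "bookbot": "Smooth deal. Thanks!",
    "cheap_pdf": "Excellent buyer, welcome back anytime",
}
ORDER = list(TEMPLATES)

def cheap_rows(buyer, sellers):
    """Feedback rows for a buyer who bought one 1-cent item from each seller."""
    return [(buyer, s, 1, TEMPLATES[s]) for s in sellers]

# Rows are (buyer, seller, price_cents, comment left by seller), oldest first.
FEEDBACK = (
    cheap_rows("xkqj8812", ORDER)
    + cheap_rows("pwzr3391", ORDER[:3] + [ORDER[4], ORDER[3]])  # last two swapped
    + [("alice_collects", "ebooks4u", 1, TEMPLATES["ebooks4u"]),
       ("alice_collects", "vinyl_shop", 2450, "Paid same day, thanks Alice"),
       ("alice_collects", "camera_hut", 8900, "Lovely to deal with"),
       ("alice_collects", "stampworld", 1200, "Good communication")]
)

def suspicious_pairs(rows, min_items=4, cheap_share=0.9, order_sim=0.75):
    """Pairs of buyers whose feedback comes almost entirely from <=1-cent
    purchases and whose received comments match almost in the same order."""
    comments, cheap = defaultdict(list), defaultdict(int)
    for buyer, _seller, price, text in rows:
        comments[buyer].append(" ".join(text.lower().split()))  # normalise
        cheap[buyer] += price <= 1
    candidates = sorted(b for b, c in comments.items()
                        if len(c) >= min_items and cheap[b] / len(c) >= cheap_share)
    hits = []
    for a, b in combinations(candidates, 2):
        # Order-sensitive similarity of the two comment sequences.
        sim = SequenceMatcher(None, comments[a], comments[b], autojunk=False).ratio()
        if sim >= order_sim:
            hits.append((a, b, round(sim, 2)))
    return hits

if __name__ == "__main__":
    print(suspicious_pairs(FEEDBACK))
```

The ordinary buyer in the sample also received one templated comment but is not flagged, because the check requires both a near-total share of 1-cent purchases and a matching comment order.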

The use of CAPTCHAs, and ensuring the bots never manage to register themselves, is as important as the automated process of bypassing CAPTCHA authentication. Expect to see much better random generation of pseudo users and their feedback compared to these ones. And since eBay is no longer an intermediary but a platform, bots have got plenty of seed data to begin their life with, don't they?

These very same techniques apply to common networks such as Internet Relay Chat and the majority of instant messengers, where malware tries either to take advantage of the momentum and forward itself to a buddy, or to keep the discussion going until the time for a fancy photo session exchange has come.
