By my reading they used iframes (or maybe img) to literally send traffic to eBay, and it was eBay's servers that set the cookie. As far as I understand it you can't set a cookie on a domain you don't control. But I admit I might be wrong, the article is confusing on the technical details.
