The Latest in IT Security

Non stop attacks against osCommerce – Time to take action

16
Aug
2011


The malware attacks against osCommerce sites are still going at full force and the site owners have to take action to secure and update their sites as soon as possible. Think about that, with so many valuable targets (online stores) that are not updated and secured, why would they?


*If you have an osCommerce site, please follow these steps to make sure it doesn’t keep getting hacked. You can also scan it here to check if it’s clean: Sucuri SiteCheck


It all started with the “willysy.com” remote iframe injection, followed by the exero.eu, 1see.ir, tiasissi.com.br and now lamacom.net remote javascript injections.

The media was all over the place when it was first released and infected thousands (if not millions) of sites. However, after a few days the media forgot and sites are still getting compromised daily.

Just as an example, the 1see.ir remote javascript injection, infected more than 100,000 pages (according to Google) and no one reported it except us:

New injections

These are some of the injections are are seeing in the wild and the amount of pages infected:

  • http://willysy.com/images/banners/ – Currently at 2,750,000 pages
  • http://exero.eu/catalog/jquery.js” – Currently at 140,000 pages
  • http://1see.ir/j/ – Currently at 103,000 pages
  • http://tiasissi.com.br/revendedores/jquery/” – Currently at 12,500 pages
  • http://lamacom.net/images/j/ – Currently at 450 pages (just started)

And it will probably keep going (with new injections) until people realized that they have to secure their sites properly. Anyone can scan their sites for free (and easily) here to see if we detect anything wrong: http://sitecheck.sucuri.net

Leave a reply


Categories

WEDNESDAY, OCTOBER 28, 2020
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments