Large scale Injection incidents targeting osCommerce websites

Release Date: 26 Jul 2011 75046 Views

A large scale injection targeting websites using osCommerce is reported.  Injected "<iframe>" and "<script>" pointing to malicious links such as "willysy.com" and "exero.eu" will infect computers via various exploits.  Google indicates more than 90,000 infected pages (not domains) while there are over 2,000 infected pages from Hong Kong.

http://blog.armorize.com/2011/07/willysycom-mass-injection-ongoing.html

 

Browser exploits used:

 

HKCERT would like to warn users of the potential risk when visiting compromised websites.  Users are advised to maintain security patch and security software updated, turning on personal firewall, and staying cautious. Do not visit any unsolicited websites or disable Javascript in browsers.

 

Website administrators are recommended to check their websites and databases and protect the administration directory (/admin/) of their osCommerce systems by a password with .htaccess.

 

 

  • Domain is listed as suspicious in Google Safe Browsing

  

 

  • Google indicates more than 2,000 infected pages from Hong Kong

  

 

 

  

  • The infection attempt, when not successful, has the injected iframe rendered as content (rather than executed) in the title part of the website. Below are some examples:

  

 

 

 

 

Share with

Previous

Fraudsters eyeing on the Japan earthquake disaster

15 Mar 2011 76859 Views

Next

DigiNotar CA security breach resulting in issuance of fake certificates

1 Sep 2011 6076 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY