osCommerce-based mass injection now 3.79 million pages strong

A mass injection attack, targeting insecure and under patched installations of osCommerce, has impacted more than 3 million pages on the Internet. The latest figures come from security vendor Armorize, who has been following the situation since it started.

According to Armorize, as of July 31, there are more than 3.4 million pages infected with an embedded Iframe pointed to willysy.com. An additional 386,000 pages are infected with an Iframe pointed to exero.eu. All of the infected pages have one thing in common, osCommerce.

If you use a webhost that offers cPanel, osCommerce is one of the many scripts that can be installed with the click of a button. However, while the ecommerce software is popular for small business owners, unless it is maintained, it’s often exploited by drive-by attackers. Sadly, many installations of osCommerce are left abandoned, often due to problems with design or configurations, assuming the domain owner simply didn’t just lose interest. When this happens, all of those domains are easy pickings to an attacker or their scripts.

There are three vulnerabilities being leveraged in the attacks on osCommerce-driven sites, one disclosed on July 10, another last May, and the final one in May 2010. Once a vulnerability is exploited, malicious Iframes are injected into the site’s code, and in some cases the attackers will upload shell scripts to the domain. The shell scripts allow attackers greater access to the site and the server it is hosted on.

Previously, while researching BlackHat SEO scripts, The Tech Herald discovered several sites with osCommerce installations rooted by similar shell scripts. It’s a common tactic and can be automated in many cases.

Once the site has been compromised, the Iframes themselves will direct visitors to another domain, which pulls data from a third domain, containing yet another Iframe that redirects the victim to a fifth site.

Once the fifth site is loaded, it attempts to leverage one of five browser vulnerabilities in order to infect the system with Malware. The process takes seconds to complete.

Armorize says that scanning logs for the IPs 178.217.163.33, 178.217.165.111, 178.217.165.71, and/or 178.217.163.214 will be the first sign of detecting an infection on a given domain or server.

After that, the infected pages will need to be scrubbed of the injected code. In some cases, especially if the osCommerce installation is not needed or new, it is better to delete everything and start over. However, once cleaned, the osCommerce installation should be checked for updates and properly hardened. Also, it is often a better bet to manually install the software, and avoid one-click installations.

In formation on hardening osCommerce is here. The Armorize report on the attacks can be viewed here.


 

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

Awesome Stuff Made Out Of Car Parts

An awesome picture has started doing the rounds showing a bathroom with sinks made out of car tires and faucets created from gas pumps. It’s the ideal bathroom for any discerning car nut. That got us thinking — what other stuff is there made out of car parts and car paraphernalia. Here are some of the coolest […]

Range Rover Evoque Convertible Confirmed

Land Rover has officially confirmed that the Range Rover Evoque Convertible will go on sale in 2016. The company released some publicity photos showing a prototype of the Evoque Convertible driving through train tunnels under construction in London. The company says use of the Crossrail tunnels let them test the convertible in privacy. A Land […]

Mercedes-AMG GT3 Racing Car to Debut at Geneva Motor Show

The company says the standard Mercedes-AMG GT already provides the ideal base for the race model, with low centre of gravity, good weight distribution and wide track width.The driver sits on a carbon-fibre seat pan and is protected by a roll-over cage made from high-tensile steel.The engine cover, doors, front wing, sidewalls, side skirts, diffuser, […]

Lamborghini Aventador Wallpaper

Lamborghini Aventador wallpaper for your desktop or mobile device. The Aventador LP 700–4  has a 6.5 liter V12 that will go 0–60 mph in  2.9 seconds and take you all the way to 220mph and maybe beyond.Each image links to a page with multiple sizes of wallpaper you can download.

Man Makes Tiny Edible Pancakes with Tiny Kitchen Tools (Video)

This Japanese guy cooks up some pancakes…nothing special there right? Well he uses tiny implements to do it and makes perfect little pancakes. Kinda cool and they look tasty!

What Color is this Dress?

White and Gold or Blue and Black?
Well this one has been trending all over the web, just what color is this dress? It all started in Scotland when the mother of a bride-to-be sent a picture to her daughter asking what she thought of the dress. The bride and groom each saw the image differently, this then got posted online and picked up by some viral sites. The lighting in the photo is probably causing different people to see it as either white and gold or blue and black. Prof Stephen Westland, chair of color science and technology at a university in the UK told the BBC that it was impossible to see what other people see but that it […]

McLaren 675LT Pictures

Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.

McLaren 675LT Details

McLaren’s 675LT will debut at this year’s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate […]

McLaren 675LT Wallpaper

Some cool McLaren 675LT Wallpaper. The McLaren 675LT is the latest coupe to come from the supercar maker and has a top speed of 205mph.Click on an image to open a page with multiple sizes that you can download to use as wallpaper for your mobile or desktop.More McLaren Wallpaper.

Octopus hunts on land, grabs crab (Video)

This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western […]