Mass injection campaign affects 3.8 million pages

Share this article:

More than three million web pages have been compromised with malware as part of a mass IFRAME injection attack targeting unpatched versions of the open source e-commerce framework, OSCommerce, researchers at web application security firm Armorize have warned. The attack, which appears to originate in the Ukraine, has affected 3.8 million sites, which are running OSCommerce version 2.2 and earlier. Those who visit an affected site are pointed to the malicious domains willysy.com or exero.eu. After a series of redirects, users end up at a domain that attempts to exploit multiple web browser and PDF vulnerabilities, and install a variant of SpyEye.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

FBI to open Malware Investigator portal to security researchers

The portal is a virus analysis tool that examines suspicious files and shares information about them.

SUPERVALU and AB Acquisition LLC report being breached again

SUPERVALU and AB Acquisition LLC report being breached ...

The breaches involved different malware and both companies are investigating whether payment card information was stolen.

DDoS down globally, on increase in Americas in Q2, report says

DDoS down globally, on increase in Americas in ...

DDoS attacks declined in Q2 while Zeus, Storm and Heartbleed made their marks on security, an Akamai report on the state of the internet shows.