Mass injection campaign affects 3.8 million pages

Share this article:

More than three million web pages have been compromised with malware as part of a mass IFRAME injection attack targeting unpatched versions of the open source e-commerce framework, OSCommerce, researchers at web application security firm Armorize have warned. The attack, which appears to originate in the Ukraine, has affected 3.8 million sites, which are running OSCommerce version 2.2 and earlier. Those who visit an affected site are pointed to the malicious domains willysy.com or exero.eu. After a series of redirects, users end up at a domain that attempts to exploit multiple web browser and PDF vulnerabilities, and install a variant of SpyEye.

Share this article:

Sign up to our newsletters

More in News

EFF intros wireless router software to boost industry standard

EFF intros wireless router software to boost industry ...

This weekend, the digital rights group released a "hacker alpha" version of its Open Wireless Router software.

Breaches driving organizational security strategy, survey indicates

Breaches driving organizational security strategy, survey indicates

CyberArk interviewed 373 IT security executives and other senior management in North America, Europe and the Asia-Pacific as part of its eighth annual Global Advanced Threat Landscape survey.

Siemens industrial products impacted by four OpenSSL vulnerabilities

The vulnerabilities can be exploited remotely, and fairly easily, by an attacker to hijack sessions and crash the web server of the product.