Another mass SQL injection attack, similar to "Liza Moon" from earlier this year, is impacting more than a million websites.
More than three million web pages have been compromised with malware as part of a mass IFRAME injection attack targeting unpatched versions of the open source e-commerce framework, OSCommerce, researchers at web application security firm Armorize have warned. The attack, which appears to originate in the Ukraine, has affected 3.8 million sites, which are running OSCommerce version 2.2 and earlier. Those who visit an affected site are pointed to the malicious domains willysy.com or exero.eu. After a series of redirects, users end up at a domain that attempts to exploit multiple web browser and PDF vulnerabilities, and install a variant of SpyEye.
Researchers are not sure how many websites have been compromised but said new Asprox botnet attacks are underway.
Another round of IFRAME infections has compromised tens of thousands of legitimate websites.
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Scammers target oil companies with sneaky attack
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Study: Employees acknowledge risky security behavior, continue to engage in it
- Hack of airplane systems described in FBI docs raises security questions
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes