Peaches Posted July 7, 2010 Report Share Posted July 7, 2010 Multiple osCommerce Websites Infected with Malicious CodeServe visitors with malware Security researchers warn that multiple osCommerce websites have been compromised during the last few days. The rogue code injected into their pages attempts to infect visitors with malware served from an external domain. The compromises have been detected by Sucuri Security, a company selling Website integrity monitoring solutions. An investigation into the incidents is ongoing, but it has been determined that all have been injected with a rogue <script> element loading code from an http://nt02. co.in/ 3 address [intentionally malformed].So far most of the affected websites also had clandestine files uploaded in their /images folder. These files are called inclasses.php, loadclasses.php or phpclasses.php. "If you are an osCommerce user, please make sure to update your installation (and check your sites) as soon as possible," Sucuri researcher David Dede, advises.The company is still trying to determine how the attackers succeeded in compromising the websites, but an osCommerce Remote File Injection (RFI) vulnerability disclosed about a month ago, might be responsible. The bug is in "file_manager.php" and according to a SecurityFocus advisory, is the result of failure to properly sanitize user input. Story - http://news.softpedi...de-146426.shtml Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.