Blog

Ranjeet Menon
Massive Attack targeting osCommerce sites
August 6, 2011

More than 90,000 websites were found to be infected with an iframe that points to:- willysy(dot)com.

The effected websites were found using the osCommerce which is an open source e-commerce package used by small vendors to manage their online shops.

An iframe is a line of code inserted into a webpage that loads data from another website.
If a user lands on a webpage with an infected iframe inserted at the bottom of the page, it can automatically download dangerous malware onto the user’s system (this is known as a drive-by download).

This redirection leads to an exploit kit that abuses the following vulnerabilities in an attempt to download a malicious file onto systems:

CVE-2010-0840
CVE-2010-0188
CVE-2010-0886
CVE-2006-0003

Upon execution of the malicious malware it searches for the Internet cookies and history to steal the login information related with banking websites.

Quick Heal detects the downloaded files and blocks the malicious website through its ‘Browser Protection’ feature.

SHARE THIS STORY

Have something to add to this story? Share it in the comments.

No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image