Aug 17, 2011 07:56 GMT  ·  By

The German Federal Office for Information Security (BSI) has issued an alert regarding compromised online shops that infect users with malware.

BSI warns that thousands of e-shops built on the osCommerce platform have been infected with code that directs visitors to drive-by download exploits.

These exploits take advantage of vulnerabilities in outdated versions of popular applications, like Java, Adobe Reader, Flash Player or the operating system itself, in order to install malware on computers.

The BSI has issued the alert because, according to its own investigation, many of the infected websites are German-language stores.

This mass injection attack began at the end of July and resulted in around 4 million infected pages within the first week. The number rose to 8 million after two weeks and the infection count continues to increase.

The attack exploits a vulnerability addressed in osCommerce back in November 2010, but many online stores still haven't been updated. BSI recommends that store owners deploy osCommerce 2.3.1 or 3.0.2 as soon as possible.

Users are advised to keep software installed on their computers up to date, including their operating system and browser. They should also run up-to-date antivirus programs on their machines which are capable of scanning web traffic.

Web security vendor Armorize has been tracking this mass injection attack since it began and has issued regular updates about it. Its main characteristic is a rogue script or iframe that loads malicious code from a domain called willysy.com.
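A store owner who wants to check whether their own pages carry an injected loader of this kind can scan the rendered HTML for script and iframe tags that pull code from outside the shop's domain. The following is an added example, not code from the article, BSI or Armorize: it parses a page, lists every remote script/iframe source, and flags the willysy.com domain named above. The hidden-iframe heuristic (zero width/height or display:none) and the shop hostname `shop.example` are assumptions, and the sample page is constructed for the demonstration.

```python
"""Scan an HTML page for script/iframe tags that load code from third-party hosts."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domain named in the reporting on this campaign (from the article).
KNOWN_BAD_HOSTS = {"willysy.com"}


class RemoteLoaderParser(HTMLParser):
    """Collect every <script> or <iframe> tag that carries a src attribute."""

    def __init__(self):
        super().__init__()
        self.loaders = []  # list of (tag, src, attrs-dict)

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            a = dict(attrs)
            src = a.get("src")
            if src:
                self.loaders.append((tag, src, a))


def _host(src):
    """Hostname of a src value; protocol-relative URLs (//host/x.js) are handled too."""
    if src.startswith("//"):
        src = "http:" + src
    return (urlparse(src).hostname or "").lower()


def _hidden(attrs):
    """Assumed heuristic: an iframe sized to nothing or styled invisible is not a legitimate banner."""
    style = attrs.get("style", "").replace(" ", "").lower()
    return (attrs.get("width") == "0" or attrs.get("height") == "0"
            or "display:none" in style or "visibility:hidden" in style)


def find_suspicious_loaders(html, own_host):
    """Return one finding per script/iframe whose source is not served from own_host."""
    own_host = own_host.lower()
    parser = RemoteLoaderParser()
    parser.feed(html)
    findings = []
    for tag, src, attrs in parser.loaders:
        host = _host(src)
        if not host or host == own_host or host.endswith("." + own_host):
            continue  # relative or same-origin resource: part of the shop itself
        reasons = []
        if host in KNOWN_BAD_HOSTS or any(host.endswith("." + b) for b in KNOWN_BAD_HOSTS):
            reasons.append("known-bad host")
        if tag == "iframe" and _hidden(attrs):
            reasons.append("hidden iframe")
        if not reasons:
            reasons.append("third-party loader")  # review manually: CDNs land here too
        findings.append({"tag": tag, "host": host, "src": src, "reasons": reasons})
    return findings


# Constructed sample page: two same-origin scripts, one CDN script, and an
# injected hidden iframe pointing at the campaign domain (path is made up).
SAMPLE_PAGE = """<html><head>
<script src="/includes/general.js"></script>
<script src="http://shop.example/catalog/includes/jquery.js"></script>
<script src="https://cdn.example.net/analytics.js"></script>
</head><body>
<h1>Welcome to our store</h1>
<iframe src="http://willysy.com/x" width="0" height="0" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in find_suspicious_loaders(SAMPLE_PAGE, "shop.example"):
        print(f"{f['tag']:6} {f['host']:20} {', '.join(f['reasons'])}  <- {f['src']}")
```

Run it over the HTML as a browser receives it (fetch the live page, not the PHP source), since the injected tag is what visitors actually get. Every off-host loader is listed, so a legitimate CDN shows up as "third-party loader" for manual review, while the willysy.com iframe is flagged on both the known-bad host and the hidden-iframe heuristic.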

One possible reason for the high number of vulnerable osCommerce installations might be that webmasters are not used to applying updates for it. Despite being one of the most popular e-commerce platforms, osCommerce is known for extremely long periods between releases.

The current version of the software is 3.0 and was released at the end of March, but the previous version dates back to 2008. Webmasters who operate osCommerce websites should also make sure that they followed all instructions listed in this forum post in order to secure their installations.