Aug 1, 2011 09:47 GMT

Researchers from web application security vendor Armorize warn that a recent mass injection attack targeting vulnerable osCommerce websites is quickly escalating and has already reached millions of infected pages.

A week ago Armorize spotted an attack that injected rogue iframe and script elements into sites running osCommerce. Since the injected code is not obfuscated, it's easier to track the victims using Google searches.

At the time of the company's initial report, there were around 90,000 infected pages; by Sunday, however, their number had risen to over 3.8 million.

"As of July 31st, Google shows more than 3,410,000 (willysy) + 386,000 (exero) = 3.8 million infected pages. Note this number is for individual infected pages, not sites or domains," the Armorize researchers announce.

The mass injection attack was launched on July 23 and seems to be executed from IP addresses in Ukraine. The attackers exploit several osCommerce vulnerabilities including one that was publicly disclosed earlier this month.

"This attack targets osCommerce websites and leverages several osCommerce vulnerabilities, including osCommerce Remote Edit Site Info Vulnerability, disclosed July 10th, 2011, osCommerce 2.3.1 (banner_manager.php) Remote File Upload Vulnerability, disclosed May 14, 2011, and Oscommerce Online Merchant v2.2 File Disclosure And Admin ByPass, disclosed May 30, 2010," Armorize explains.

As originally reported, the injected code directs visitors to drive-by exploits targeting older versions of Java, Adobe Reader, Internet Explorer and Windows XP. Keeping the operating system and software up to date should be a priority for everyone.

If the exploit is successful, a piece of malware is downloaded and executed on the victim's machine. Running an up-to-date antivirus system with advanced layers of protection that include behavioral detection is also critically important.

Webmasters who operate osCommerce websites should make sure that they have followed all instructions listed in this topic in order to secure their installation.
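Because the injected iframe and script elements are not obfuscated, a webmaster can look for them in their own served pages or template files. The check below is an added example, not code from Armorize or osCommerce; it assumes the "willysy" and "exero" strings quoted above appear in the host part of the injected element's src, and the sample markup with its .example hostnames is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Markers taken from the Armorize quote on this page; treating them as
# hostname substrings is an assumption of this example.
MARKERS = ("willysy", "exero")


def src_host(src):
    """Host of an absolute or scheme-relative URL, '' for relative paths."""
    try:
        return (urlsplit(src.strip()).hostname or "").lower()
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return ""


class InjectionFinder(HTMLParser):
    """Collects <iframe>/<script> elements whose src host contains a marker."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag not in ("iframe", "script"):
            return
        src = dict(attrs).get("src") or ""
        if any(marker in src_host(src) for marker in MARKERS):
            line, _ = self.getpos()
            self.hits.append((line, tag, src.strip()))


def find_injections(html):
    """Return (line, tag, src) for each suspicious element in the markup."""
    finder = InjectionFinder()
    finder.feed(html)
    finder.close()
    return finder.hits


# Constructed sample page; the .example hostnames are placeholders.
SAMPLE = """<html><head><title>Shop</title>
<script src="includes/general.js"></script>
<script src='http://willysy.example/js.js'></script>
</head><body>
<IFRAME SRC="//cdn.exero.example/" width="0" height="0"></IFRAME>
<a href="http://willysy.example/">a link is not an injected element</a>
<script src="/js/exero-slider.js"></script>
</body></html>"""

if __name__ == "__main__":
    for line, tag, src in find_injections(SAMPLE):
        print(f"line {line}: <{tag}> src={src}")
```

A hit only shows that a page carries the injected element; the vulnerabilities that allowed the injection still need to be closed, or the code will be re-inserted.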