Members
  • Total Members: 12811
  • Latest: nodrog
Stats
  • Total Posts: 28507
  • Total Topics: 8238
  • Online Today: 852
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: "Willysy" malware exploit a vulnerability in online merchant platform osCommerce  (Read 2687 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


In less than two weeks, a malware injection that targets e-commerce Web pages has ballooned from 90,000 infected pages to more than 6 million.

The malware, called willysy, exploits a vulnerability in a popular online merchant platform, osCommerce, according to Web application security provider Armorize, of San Francisco.

When the company initially reported the injection on July 24, it found 90,000 infected pages. When it took another look at the malware on August 3, it found the injection had spread to some 6.3 million pages.

Although the identity of the perpetrators of the attacks by the malware could not be identified by Armorize, the company did trace the forays to eight IP addresses, all located in the Ukraine.

Armorize explained that the attacks exploit three known vulnerabilities in version 2.2 of osCommerce: http://blog.armorize.com/2011/07/willysycom-mass-injection-ongoing.html
The exploits allow the attackers to place an invisible frame (iFrame) on the page and then inject malicious code (JavaScript) into the page, where it will infect visitors to the online store.

Once the infection makes it to shopper's computer, it targets vulnerabilities in Java, Adobe Reader, Windows Help Center and Internet Explorer. Although the flaws in those programs targeted by the infection are known and have been patched, the attackers are betting that the user hasn't patched all the programs.

Even the exploitation of osCommerce itself depends on lax patch management by the shopping site, since the holes in the program used by the attackers were patched in version 2.3 of the software released in November of last year. Since that time, two versions of the offering have been released, 2.3.1 and 3.0.1.

According to osCommerce: http://www.oscommerce.com/ , the open source software is used by some 249,000 store owners, developers, service providers and enthusiasts.

Attacks like the one discovered by Armorize can be especially harmful to small and medium-size businesses (SMB), asserts Frank Kenney, a former Gartner analyst and vice president of Global Strategy at Ipswitch: http://www.ipswitch.com/ , a file transfer security company in Lexington.

Those companies typically don't have the financial resources of larger firms so they're attracted to open source programs like osCommerce and use off-the-shelf software in their operations. "Whenever you use off-the-shelf software, you have to understand there are data issues and all types of security vulnerabilities that exist," he told PC World.

While the makers of off-the-shelf software patch their programs often, he continued, the business still has to invest in the resources to insure that proper patch work is done. "That requires an outlay of capital that SMBs are not willing to deal with or don't have within their margins," he says.

Such lack of diligence can hurt a business in the long run, because security breaches can invite scrutiny from credit card companies, he explained. A credit card company may refuse to allow the business to use its services until it shows a certain level of security compliance that is out of the reach of the business from a financial or time and resource point of view.

That would have dire consequences for an SMB, he maintains. "The ability to process cards is the difference between a small business or a chain of mom-and-pop stores being open today and being closed tomorrow," he says.

(PCW)

Samker's Computer Forum - SCforum.info





 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising