Willysy osCommerce Injection Attack Affects More Than 8 Million Pages

  /     /     /  
Publicated : 22/11/2024   Category : security


Willysy osCommerce Injection Attack Affects More Than 8 Million Pages


Malware exploits vulnerability in popular online merchant platform, Armorize says



A new malware attack has infected more than 8 million Web pages operating on the well-known osCommerce online merchant platform, security researchers said yesterday.
Known as willysy, the malware was first reported by application security vendor Armorize on July 24 with about 90,000 infected pages. According to the
Armorize malware blog
, that figure is now more than 8 million infected pages today, and the infection rate is growing.
The attacks exploit vulnerabilities in osCommerce version 2.2, injecting a malicious JavaScript code into the Web page of the merchant site. From there, it can infect the PCs of the online store’s visitors.
Once a visitor’s computer is infected, the malware targets vulnerabilities in Adobe Reader, Java, Internet Explorer, and Windows Help Center. The attack works mostly on known vulnerabilities in these applications, infecting those machines that havent yet been patched properly.
Armorize researchers dont know whos spreading the malware, but they have traced it to eight IP addresses in Ukraine.
The malware can be prevented with an upgrade to osCommerce version 2.3, which was released in November 2010. The online merchant software is also available in newer versions, 2.3.1 and 3.0.1. According to osCommerce, almost a quarter of a million store owners use the open-source software.
Have a comment on this story? Please click Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Willysy osCommerce Injection Attack Affects More Than 8 Million Pages