Quick Hits

'Willysy' osCommerce Injection Attack Affects More Than 8 Million Pages

Malware exploits vulnerability in popular online merchant platform, Armorize says
A new malware attack has infected more than 8 million Web pages operating on the well-known osCommerce online merchant platform, security researchers said yesterday.

Known as "willysy," the malware was first reported by application security vendor Armorize on July 24 with about 90,000 infected pages. According to the Armorize malware blog, that figure is now more than 8 million infected pages today, and the infection rate is growing.

The attacks exploit vulnerabilities in osCommerce version 2.2, injecting a malicious JavaScript code into the Web page of the merchant site. From there, it can infect the PCs of the online store’s visitors.

Once a visitor’s computer is infected, the malware targets vulnerabilities in Adobe Reader, Java, Internet Explorer, and Windows Help Center. The attack works mostly on known vulnerabilities in these applications, infecting those machines that haven't yet been patched properly.

Armorize researchers don't know who's spreading the malware, but they have traced it to eight IP addresses in Ukraine.

The malware can be prevented with an upgrade to osCommerce version 2.3, which was released in November 2010. The online merchant software is also available in newer versions, 2.3.1 and 3.0.1. According to osCommerce, almost a quarter of a million store owners use the open-source software.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Editors' Choice
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading