In less than two weeks, a malware injection that targets e-commerce Web pages has ballooned from 90,000 infected pages to more than 6 million.
The malware, called willysy, exploits a vulnerability in a popular online merchant platform, osCommerce, according to Web application security provider Armorize, of San Francisco.
When the company initially reported the injection on July 24, it found 90,000 infected pages. When it took another look at the malware on August 3, it found the injection had spread to some 6.3 million pages.
Although the identity of the perpetrators of the attacks by the malware could not be identified by Armorize, the company did trace the forays to eight IP addresses, all located in the Ukraine.
Armorize explainedthat the attacks exploit three known vulnerabilities in version 2.2 of osCommerce. The exploits allow the attackers to place an invisible frame (iFrame) on the page and then inject malicious code (JavaScript) into the page, where it will infect visitors to the online store.
Once the infection makes it to shopper's computer, it targets vulnerabilities in Java, Adobe Reader, Windows Help Center and Internet Explorer. Although the flaws in those programs targeted by the infection are known and have been patched, the attackers are betting that the user hasn't patched all the programs.
Read More Here
