back to article Malware attack spreads to 5 million pages (and counting)

An attack that targets a popular online commerce application has infected almost 5 million webpages with scripts that attempt to install malware on their visitors' computers. The mass attack, which compromises websites running unpatched versions of the osCommerce store-management web application, has spread virally over the …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

I always wonder how...

...these exploits work - articles like this rarely say and I'm damn sure not gonna go look for myself.

You say windows vulns, but do they only work when browsing with IE, or are all browsers at risk, and if so, where does the way in lie? With a bit of javascript, or a file download that relies on the user clicking 'Run'? Does something like NoScript or UAC protect or are we all screwed either way?

0
0
Bronze badge

basically ...

... it's flawed JavaScript implementation (embeded in IE6 , so it's IEs fault) which is executing code it ought to ignore or fail. JavaScript is not the only attack vector on IE.

1
0

Easy to block

the two domains direct to 94.100.18.41 and 94.100.18.41/32 respectively. Easy to add to a firewall as a block - although ThreatSTOP subscribers are already protected automatically because these addresses are in all our blocklists now.

1
4
Thumb Down

@Easy to block

Well, thank you, FrancisT - but I think you forgot to mention that your software will also enhance the user's libido?

HTH.

5
0
Anonymous Coward

.ru

It's tempting to just create a firewall rule that blocks the entire former Soviet Union. Unfortunately there is some genuinely useful software that comes from there.

1
0
Happy

I always wonder how...

I do not have a lot of technical knowledge, but the video gave a good simple explanation as how the malware was loaded. Nothing about how to stop it though, or how you would know other than your virus protector picking it up.

0
0
Facepalm

php quality

I checked the oscommerce.com website. Quality PHP, mySQL implementations springs to mind, although any system if not implemented properly is vulnerable. When will people understand that using the best software is actually cheaper.

0
0

Which "process monitor" is this in the video?

It doesn't look like Sysinternal's. I couldn't find anything looking like this one by googling that name.

Anyone knows which program it is?

2
0
This topic is closed for new posts.

Forums