Malware attack spreads to 5 million pages (and counting)

An attack that targets a popular online commerce application has infected almost 5 million webpages with scripts that attempt to install malware on their visitors' computers. The mass attack, which compromises websites running unpatched versions of the osCommerce store-management web application, has spread virally over the …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    I always wonder how...

    ...these exploits work - articles like this rarely say and I'm damn sure not gonna go look for myself.

    You say Windows vulns, but do they only work when browsing with IE, or are all browsers at risk, and if so, where does the way in lie? With a bit of JavaScript, or a file download that relies on the user clicking 'Run'? Does something like NoScript or UAC protect or are we all screwed either way?

    1. Bronek Kozicki

      basically ...

      ... it's a flawed JavaScript implementation (embedded in IE6, so it's IE's fault) which is executing code it ought to ignore or fail. JavaScript is not the only attack vector on IE.

  2. FrancisT

    Easy to block

    The two domains direct to 94.100.18.41 and 94.100.18.41/32 respectively. Easy to add to a firewall as a block - although ThreatSTOP subscribers are already protected automatically because these addresses are in all our blocklists now.

    1. nyelvmark
      Thumb Down

      @Easy to block

      Well, thank you, FrancisT - but I think you forgot to mention that your software will also enhance the user's libido?

      HTH.

  3. Anonymous Coward

    .ru

    It's tempting to just create a firewall rule that blocks the entire former Soviet Union. Unfortunately there is some genuinely useful software that comes from there.

  4. Northwald
    Happy

    I always wonder how...

    I do not have a lot of technical knowledge, but the video gave a good simple explanation as to how the malware was loaded. Nothing about how to stop it though, or how you would know other than your virus protector picking it up.

  5. pan2008
    Facepalm

    php quality

    I checked the oscommerce.com website. Quality PHP, MySQL implementations spring to mind, although any system if not implemented properly is vulnerable. When will people understand that using the best software is actually cheaper?

  6. Alain

    Which "process monitor" is this in the video?

    It doesn't look like Sysinternals'. I couldn't find anything looking like this one by googling that name.

    Does anyone know which program it is?
