Willysy Malware Infects More than 6 Million WeSites

 
In less than two weeks, a malware injection that targets e-commerce Web pages has ballooned from 90,000 infected pages to more than 6 million. Malware willysy The malware, called willysy, exploits a vulnerability in a popular online merchant platform, osCommerce, according to Web application security provider Armorize, of San Francisco.
When the company initially reported the injection on July 24, it found 90,000 infected pages. When it took another look at the malware on August 3, it found the injection had spread to some 6.3 million pages.

Although the identity of the perpetrators of the attacks by the malware could not be identified by Armorize, the company did trace the forays to eight IP addresses, all located in the Ukraine.
Armorize explainedthat the attacks exploit three known vulnerabilities in version 2.2 of osCommerce. The exploits allow the attackers to place an invisible frame (iFrame) on the page and then inject malicious code (JavaScript) into the page, where it will infect visitors to the online store.
Once the infection makes it to shopper's computer, it targets vulnerabilities in Java, Adobe Reader, Windows Help Center and Internet Explorer. Although the flaws in those programs targeted by the infection are known and have been patched, the attackers are betting that the user hasn't patched all the programs.
Even the exploitation of osCommerce itself depends on lax patch management by the shopping site, since the holes in the program used by the attackers were patched in version 2.3 of the software released in November of last year. Since that time, two versions of the offering have been released, 2.3.1 and 3.0.1.

According to osCommerce, the open source software is used by some 249,000 store owners, developers, service providers and enthusiasts.
Attacks like the one discovered by Armorize can be especially harmful to small and medium-size businesses (SMB), asserts Frank Kenney, a former Gartner analyst and vice president of Global Strategy at Ipswitch, a file transfer security company in Lexington. Malware willysyWillysy's progress Those companies typically don't have the financial resources of larger firms so they're attracted to open source programs like osCommerce and use off-the-shelf software in their operations. "Whenever you use off-the-shelf software, you have to understand there are data issues and all types of security vulnerabilities that exist," he told
While the makers of off-the-shelf software patch their programs often, he continued, the business still has to invest in the resources to insure that proper patch work is done. "That requires an outlay of capital that SMBs are not willing to deal with or don't have within their margins," he says.
Such lack of diligence can hurt a business in the long run, because security breaches can invite scrutiny from credit card companies, he explained. A credit card company may refuse to allow the business to use its services until it shows a certain level of security compliance that is out of the reach of the business from a financial or time and resource point of view.
That would have dire consequences for an SMB, he maintains. "The ability to process cards is the difference between a small business or a chain of mom-and-pop stores being open today and being closed tomorrow," he says.
 
-News Source (PC World)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Categories:
Related Posts Plugin for WordPress, Blogger...