Posts

Showing posts from October, 2011

OsCommerce Malware Infection

Three months ago, a huge site infection campaign started targeting osCommerce, a well-known CMS for small and medium-sized online stores. This CMS suffers from a few vulnerabilities that can allow an attacker to upload files and execute code remotely.

Vulnerabilities:

- osCommerce 2.2 Remote File Upload Vulnerability
- osCommerce authentication bypass
- osCommerce 2.2 Arbitrary PHP Code Execution
- osCommerce 2.3.1 Remote File Upload Vulnerability

Today (4/10/2011) the total number of infected sites is 830,000, but two months ago it was 8 million. On some compromised sites the attacker has left the webshell behind. After uploading a backdoor, the attacker edits the home page and adds a script/iframe tag that loads multiple browser exploits.

Exploits used:

- IE 6 Remote Code Execution
- Java Runtime Environment Remote Code Execution Vulnerability
- Microsoft Windows Help
- Adobe Reader and Acrobat 8.x

After successful exploitation, malware is downloaded and executed. V