OsCommerce Malware Infection
Three months ago a huge site infection campaign started, targeting osCommerce, a well-known CMS for small and medium-sized online stores. This CMS suffers from a few vulnerabilities that allow an attacker to upload files and execute code remotely.

Vulnerabilities:
- osCommerce 2.2 Remote File Upload Vulnerability
- osCommerce authentication bypass
- osCommerce 2.2 Arbitrary PHP Code Execution
- osCommerce 2.3.1 Remote File Upload Vulnerability

Today (4/10/2011) the total number of infected sites is 830,000, but two months ago it was 8 million. On some compromised sites the attacker has left the webshell behind.

After uploading a backdoor, the attacker edits the home page and adds a script/iframe tag that loads multiple browser exploits.

Exploits used:
- IE 6 Remote Code Execution
- Java Runtime Environment Remote Code Execution Vulnerability
- Microsoft Windows Help
- Adobe Reader and Acrobat 8.x

After successful exploitation, malware is downloaded and executed. V
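
An added defensive example, not part of the original post: a Python check for the injected script/iframe tags described above. It lists every script or iframe on a page that loads from a host outside an allowlist and marks hidden frames; the sample page, host names and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


def is_hidden(attrs):
    """True for frames sized 0/1 px or hidden through inline CSS."""
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style


class RemoteLoadFinder(HTMLParser):
    """Collect script/iframe tags whose src points at an untrusted host."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = {k: (v or "") for k, v in attrs}
        # urlparse also resolves protocol-relative URLs such as //host/x.js
        host = (urlparse(a.get("src", "").strip()).hostname or "").lower()
        if not host or host in self.trusted:
            return  # inline, relative or allowlisted: not a remote load
        line, _ = self.getpos()
        self.findings.append(
            {"line": line, "tag": tag, "host": host, "hidden": is_hidden(a)})


def scan_page(html, site_host, allowed_hosts=()):
    """Return one finding per script/iframe loaded from an untrusted host."""
    finder = RemoteLoadFinder(site_host, allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a store home page with two injected tags (lines 6-7).
SAMPLE_PAGE = """<html><head>
<script src="includes/general.js"></script>
<script src="https://cdn.shop-assets.example/jquery.js"></script>
</head><body>
<h1>Welcome to the store</h1>
<iframe src="http://injected.example.invalid/in.php" width="0" height="0"></iframe>
<script src="//injected.example.invalid/js.js"></script>
</body></html>"""

if __name__ == "__main__":
    for f in scan_page(SAMPLE_PAGE, "shop.example", ["cdn.shop-assets.example"]):
        print(f)
```

Inline script bodies are not inspected here, so pair this check with a diff of the page against a known-good copy.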