ID: IRCNE2011071199
Date: 2011-07-30
According to “ZDNET” and “ComputerWorldUK”, security researchers from Armorize have intercepted a currently live mass iFrame injection attack, affecting about 100,000 Web pages for e-commerce sites based on the open source OS Commerce software. The ongoing mass-injection attacks appear to be carried out from Ukraine against the e-commerce sites.
Once the users visits an affected page, a number of javascript redirectors lead the user to a client-side exploits serving page.
The attackers "may be leveraging a known vulnerability" in the open-source software, says a chief technology officer at Armorize. He notes that OS Commerce open source is a popular foundation for an e-commerce site which is then given a different "look and feel" through various templates that are typically sold.
Malicious attackers are either abusing input validation flaws within the vulnerable sites, or have been harvesting botnets for stolen FTP credentials in order to embed the pages with the malicious iFrame.
- 2