Almost 100,000 Web pages on e-commerce sites based on the open source osCommerce software have been compromised with malware through a mass iFrame injection attack, according to security firm Armorize.
Wayne Huang, chief technology officer at Armorize, said that the ongoing mass-injection attack appears to be aimed at e-commerce sites. Successfully attacked sites are compromised with malware that is then used to try to attack visitors to those e-commerce sites.
Huang also adds that while attacks across the Web are not unusual, this one is notable because it is a mass-injection attack, reminiscent of attacks that were carried out very frequently about 3 years ago but are not so common today.
The attackers may be leveraging a known vulnerability in the open-source software, Huang says, adding that attackers lurk and watch for any information shared publicly about newly detected vulnerabilities in software. He also notes that open source osCommerce is a popular foundation for e-commerce sites, which are given a different “look and feel” through various templates that are typically sold. Huang observes that some of the customization it provides can be hard to upgrade because it is sometimes “hardcoded”.
According to its website, the osCommerce open source group counts 249,500 store owners as deploying its Online Merchant software, which is available for free under the GNU General Public License. osCommerce did not immediately respond to an emailed question.