According to El Reg, 5 million web pages have been taken over in an attack against an open source store manager tool named osCommerce.
There's a pretty good movie of a drive-by exploit in action, taken by a security researcher named Wayne Hwong from Armorize.com running an infected page from the gamefocus.uk web store. It bounces from UK to EU to RU, where it gets the updates.exe file that runs on your PC. Unfortunately, it doesn't go into detail on how to protect yourself.
The overall problem is the popularity of the ecommerce tool. If it's a popular and widespread tool, then once an exploit is created, Google can be used to find all the stores that use it, and the bad guy can load his malware on all the sites. It starts out one at a time, but this one was automated, so the sites were taken over quickly, followed by all the machines that accessed those web sites.
This is the reason I run NoScript.
Perry