08-15-2011, 11:36 PM
TheRegister Wrote: An attack targeting sites running unpatched versions of the osCommerce web application kept growing virally this week, more than three weeks after a security firm warned it was being used to install malware on the computers of unsuspecting users.
When researchers from Armorize first spotted the exploit on July 24, they estimated it had injected malicious links into about 91,000 webpages. By early last week, The Reg reported it had taken hold of almost 5 million pages. At time of writing, Google searches here and here suggested that the number exceeded 8.3 million.
full article http://www.theregister.co.uk/2011/08/02/...oes_viral/
more
http://www.darkreading.com/vulnerability...pages.html
detailed description
http://blog.armorize.com/2011/07/willysy...going.html
solution: upgrade to v2.3 or die, and block these Ukrainian IPs: 178.217.163.33, 178.217.165.111, 178.217.165.71, 178.217.163.214