Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: MW:OSCOM:1

Description: Code used to insert a malicious javascript on sites using OsCommerce. Loads malware from:
http://khcol.com/page/?ref=aHR0cDovL2FtZXJpY2F....bWluLw==
nt02.co.in
nt002.cn
nt02.co.in
nt04.in
nt06.in
nt07.in
http://webarh.com/r.php
http://77.78.245.63/index.php
http://kirm-sky.ru
http://nt04.in

More details: http://blog.sucuri.net/2010/10/oscommerce-attacks-kirm-sky-ru.html

Most of the sites affected also had a few PHP files inserted inside the /images folder, generally called inclasses.php or phpclasses.php.

Malware dump:

For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb