Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Malware entry: malware.oscommerce_infection

Description: OsCommerce infection that usually involves .htaccess redirects, injections of malicious scripts and black hat SEO spam. More details can be found in our blog post about this infection: osCommerce attacks – kirm-sky.ru

Sample of an injected script:

< script src = "http://nt02[.]co.in/3" >

URLs and domains involved in this attack

hxxp://khcol[.]com/page/?ref=aHR0cDovL2FtZXJpY2F....bWluLw==
nt02[.]co.in
nt002[.]cn
nt02[.]co.in
nt04[.]in
nt06[.]in
nt07[.]in
webarh[.]com/r.php
77.78 .245.63/index.php
kirm-sky[.]ru

Most of the sites affected also had a few PHP files inserted inside the /images folder, generally called inclasses.php or phpclasses.php.


Affecting: osCommerce websites


For all our web-based malware signatures, go here: http://labs.sucuri.net/?malwaredb