SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware.oscommerce_infection

malware.oscommerce_infection

Description:
OsCommerce infection that usually involves .htaccess redirects, injections of malicious scripts and black hat SEO spam. More details can be found in our blog post about this infection: osCommerce attacks – kirm-sky.ru

Sample of an injected script:

< script src = "http://nt02[.]co.in/3" >

URLs and domains involved in this attack

hxxp://khcol[.]com/page/?ref=aHR0cDovL2FtZXJpY2F....bWluLw==
nt02[.]co.in
nt002[.]cn
nt02[.]co.in
nt04[.]in
nt06[.]in
nt07[.]in
webarh[.]com/r.php
77.78 .245.63/index.php
kirm-sky[.]ru

Most of the sites affected also had a few PHP files inserted inside the /images folder, generally called inclasses.php or phpclasses.php.

Affecting: osCommerce websites