Anti-Malware

The popular open source ecommerce web application osCommerce has been the target of a widespread malware attack, with security experts estimated the number of websites infected at close to 5 million.

Cyber criminals are exploiting a vulnerability in the shopping cart software to install malicious software that attempts to install itself on users computers when they visit an infected site. Since the attack was first identified by security firm Armorize, Google searches show that the number of infected sites in the index has grown from 90,000 to just under 5 million infected web pages.

Exploiting numerous security flaws in osCommerce, attackers residing in the Ukraine are inserting iframes into the unpatched online stores that secretly redirect visitors to the infected files. The infected files are being hosting on the domain names willysy.com and exero.eu. Not surprisingly, those two domains also attempt to exploit several Microsoft Windows vulnerabilities.

If you’re a website owner running osCommerce, it’s suggested that you immediately patch your software using the instructions provided by Armorize here and the osCommerce community here.

Continue Reading

Microsoft has issued a warning to the 900 million users of it’s Internet Explorer web browser admitting that they are at serious risk of having their PCs hacked and their private information stolen by attackers.

Microsoft has also confirmed that they haven’t developed a permanant patch for the exploit yet, however users are advised to apply a temporary fix that will prevent hackers from being able to exploit the vunerability and install malcious software (aka malware) which can infect a users PC simply by visiting a rouge of infected website.

According to Microsoft’s Angela Gunn “an attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicked that link, the malicious script would run on the user’s computer for the rest of the current Internet Explorer session”.

She went on to say that “such a script might collect user information (eg., email), spoof content displayed in the browser, or otherwise interfere with the user’s experience”.

Althought Mozilla Firefox and Google Crome have made inroads into the PC browser market, Microsoft’s Internet Explorer still remains the most widely used browser with over 50% marketshare.

For more information, visit the Official Microsoft blog post regarding this issue.

Continue Reading

A new secure web browsing application based on Mozilla Firefox, that uses virtualisation technology to isolate it from Windows has been released by Kace, a subsidiary of Dell.

The secure app provides a ‘browser-in-a-sandbox’ that can contain threats from malware and prevent them from attacking the rest of a users system.

“If you can secure the browser, you have a better chance of stopping attacks before your anti-virus and anti-malware tools can detect them,” said Rob Meinhardt, chief executive and co-founder of Kace.

Kace has based the Secure Browser upon it’s own virtualisation technology and comes precomilied with Adobe Reader and Flash plugins. The Dell Kace Secure Browser is available as a free download and a Internet Explorer version is expected to be released later in the year.

Source: itnews.com.au

Continue Reading