Millions of ecommerce websites targeted by iframe attack

Around 8 million ecommerce sites running on the osCommerce framework have been compromised by an attack appearing to originate from Ukrainian servers, security firm Armorize reported recently.

While the exploit - which took advantage of a vulnerability in osCommerce that allowed the attackers to inject a malicious iframe - mostly threatens users running older versions of Internet Explorer, the rapid increase in the number of infected sites is cause for concern.

Additionally, according to Shopsafe.co.uk, the flaw used in the attack's malware payload was thought to have been closed in 2010.

"[The attack puts] a lot of pressure on companies which do not have the funds to keep their software bang up to date," the website reported, though it said that most larger ecommerce sites are unlikely to be affected and should be safe to use.

For smaller companies, however, the attack highlights the serious damage that can be done when the need to keep security systems fully updated is ignored, according to experts. The damage such a breach does to a site's search engine standing and reputation can be immense.