
Thousands of online stores running the Magento platform are infected

October 13, 2016

We just learned this morning that miscreants have installed various 'skimming scripts' on more than six thousand ecommerce stores and are adding about 80 to 90 new ones every day in an active global operation that may have already compromised hundreds of thousands of credit and debit cards.

Dutch developer Willem de Groot discovered the malware in question that is infecting online stores running vulnerable versions of the Magento ecommerce system.

Over the past several months, hackers have uploaded so-called skimming scripts which would capture and send credit card information from online shops to Russian-based command and control servers.

De Groot asserted that the attacks spanned the 6 months from March to September and added, as an educated guess, that about 28,800 to 29,300 credit cards would likely have been stolen from the websites.

De Groot cited traffic statistics showing that the online shopping URL http://store.nrsc.org received about 341,000 visitors in September, and added that a conservative conversion ratio of 1 percent yields about 3,500 potential stolen credit cards per month.

The security issues are serious and need to be addressed rapidly, De Groot asserted. He added that some skimming scripts were removed after he reported the compromise in August.

The developer has listed some of the affected sites detected in various scans for the malicious scripts.

The affected sites include thousands of businesses and government organizations allegedly compromised since the very first online attacks began in May of 2015.

"Given that there are about 5,900 other skimmed stores, and the crimes have been ongoing since at least May 2015, I would expect the number of stolen credit cards in the hundreds of thousands," De Groot asserted.

The U.S. Franklin Institute and the National History Museum both appear on the security breach list, along with scores of smaller online stores from elsewhere around the world.

For now at least, the larger online retailers appear unaffected, but that doesn't mean they are off the hook: hackers usually target other types of ecommerce platforms as well, so those retailers could eventually be affected too.

De Groot added that the current wave of attacks has become more broadly based, which may indicate that new attackers have begun targeting online stores that use platforms other than Magento.

Surprisingly, some of the online retailers appear unworried by these attacks. "I contacted a couple of online stores, but I mostly got back 'thanks, but we are safe, no worries', or 'we are OK because we use https', or 'we are not affected since we have the Symantec security seal'," De Groot said.

"Those security seals aren't worth much," he added, since almost anybody can place them on their sites.

Online stores appear to be targeted through at least one since-patched bug reported in April 2015 that at the time was affecting some 88,000 to 90,000 online stores. The critical remote code execution vector granted access to credit cards and even the ability to write 100 percent discount coupons.

To date, De Groot has discovered 9 different variations of the malicious scripts, and has uploaded some malware samples for analysis.

Some of the scripts use multiple levels of obfuscation, which makes their analysis more difficult, and label their code as UPS or FedEx delivery data in a bid to disguise the attacks from site administrators or their webmasters.

Source: Willem de Groot.

Copyright © Internet Security.ca