As you may know from our previous posts, we’ve been watching the willysy.com infection of millions of e-commerce websites over the past few weeks.
Now, it appears that many of these are still infected and the hackers have now changed the infection to:
hxxp://tiasissi. com .br/revendedores/jquery
What’s really frustrating from our perspective, is that these are so easy to prevent. To date, we’ve cleaned 1,179 of these infections and no repeat infections – our methods work!
With the willysy infections we’ve seen many entries in the admin section of the osCommerce database which shows that the hackers have taken total control of these websites and this is just the infectious code they prefer to use for now.
There are many different backdoor shell scripts the hackers are installing on these websites and code inserted into the payment processing files that allow the hackers to steal the credit card information as it gets processed.
This is all cleanable and prevention is quite easy.
Contact us to have your website cleaned or email me at: firstname.lastname@example.org
If you have questions about this, please leave a comment. We’ll respond promptly.