We have noticed a recent spike in client websites infected with malware, which leads to Google blacklisting the site and browsers showing a warning. In the past, we had seen this type of malware infection affect only PHP or WordPress sites. After thoroughly inspecting and working on a couple of sites, we learned of a new Magento security exploit that is currently being tracked as the “Guruincsite Infection.” As of this writing, Google has already identified and blacklisted 7,000 sites, and we expect this number to continue to increase as more infections occur.
The attack exploits a flaw in the Magmi Magento extension that allows a remote attacker to inject malicious iframes for “guruincsite[.]com” into the site. The malicious code is normally injected into the design/footer/absolute_footer entry of the core_config_data database table.
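As an added example (not oCodewire's or Magento's own code), the check below looks for the injection described above. It goes beyond the single design/footer/absolute_footer entry and inspects every core_config_data value for an iframe or script tag that loads the named domain. The in-memory SQLite table, its sample rows and the function names are constructed for illustration; on a real store the same SELECT would run against the Magento MySQL database.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Indicator from the article, kept defanged in source and refanged at runtime.
BLOCKED = "guruincsite[.]com".replace("[.]", ".")
# src attribute of any <iframe> or <script> tag inside a config value.
TAG_SRC = re.compile(r'''<(?:iframe|script)\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)''', re.I)


def external_hosts(value):
    """Hostnames loaded by iframe/script tags in one config value."""
    hosts = (urlparse(src).hostname for src in TAG_SRC.findall(value or ""))
    return {h for h in hosts if h}  # hostname is None for relative paths


def scan_core_config(conn):
    """Return (config_id, path, host) for every row loading the blocked domain."""
    hits = []
    rows = conn.execute("SELECT config_id, path, value FROM core_config_data "
                        "WHERE value IS NOT NULL ORDER BY config_id")
    for config_id, path, value in rows:
        for host in sorted(external_hosts(value)):
            # Match the domain itself and any subdomain of it.
            if host == BLOCKED or host.endswith("." + BLOCKED):
                hits.append((config_id, path, host))
    return hits


def build_sample_db():
    """Constructed rows in an in-memory SQLite stand-in for the Magento table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE core_config_data (config_id INTEGER PRIMARY KEY,"
                 " scope TEXT, scope_id INTEGER, path TEXT, value TEXT)")
    conn.executemany("INSERT INTO core_config_data VALUES (?,?,?,?,?)", [
        (1, "default", 0, "design/footer/copyright", "&copy; Example Store"),
        (2, "default", 0, "design/footer/absolute_footer",
         '<iframe src="http://%s/placeholder" width="1" height="1"></iframe>' % BLOCKED),
        (3, "default", 0, "design/head/includes",
         '<script src="https://cdn.example.com/lib.js"></script>'),
        (4, "stores", 1, "design/head/includes",
         "<script src='//cdn.%s/placeholder.js'></script>" % BLOCKED),
        (5, "stores", 1, "design/footer/absolute_footer", None),
    ])
    return conn


if __name__ == "__main__":
    for hit in scan_core_config(build_sample_db()):
        print("suspicious row:", hit)
```

Rows it reports should be reviewed and cleaned by hand, since a legitimate value may surround the injected tag.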
If you currently use the Magmi extension, we strongly recommend removing it immediately or locking it down to IP-based authentication. If you are not sure whether you use Magmi or how to lock it down, please let our support staff know immediately and we would be happy to assist you.
oCodewire Magento Team
Comments (1)
Hi,
Great post, but unfortunately in my case it never helped, because my Magento does not have Magmi installed. Also, the value of ‘design/footer/absolute_footer’ in core_config_data seems to be NULL.
So this solution never impressed me.
Thanks
Tony