Magento under attack – Visbot malware disrupts 7000 online stores

Magento is the third most hacked CMS after WordPress and Joomla.

In recent times, online stores running the Magento platform have had to deal with a new and improved threat – Visbot malware. The first documented case of Visbot goes back to March 2015. And now roughly 7000 Magento stores worldwide have been identified as running the malware.

Unlike most Magento malware that collects credit card data, Visbot doesn’t work on the site’s frontend. It only works with server-side code, never exposing itself. Webmasters are likely to discover it – but only if they look for it.

How Visbot steals data

The malware waits for users to submit credit card data, and intercepts it on the server-side. Visbot takes this data, and encrypts it with a public encryption key, hardcoded in the malware’s source code.

This encrypted data is packed in an image file, using steganography, which hides text-based data inside image files.

Visbot leaves this image in one of the site’s public folders, and the malware author retrieves it at fixed intervals. If sites are running firewalls, all they see is a user downloading an image, something that happens all the time on e-commerce stores.

Here are some filenames where Visbot usually hides stolen credit card information.

Magento attack - Visbot malware file names

The Visbot author holds the matching private key, which is required to decrypt the data. That means no other crook can download the images, extract the credit card details, and steal the data.

How do I check if my site is infected?

In order for Visbot’s creator to keep track of sites he infected, and see if they’re still infected, he uses a special user agent.

Webmasters can check whether their sites are infected with Visbot by running the following command over SSH:

grep -r Visbot --include='*.php' /my/document/root

This is the path where the infected file is located:

Magento attack - Visbot malware file location
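
The two checks described in this section, as an added example that is not part of the original article or the malware's code: one function repeats the search for the Visbot marker in PHP files, the other summarises which clients requested which paths with that marker in the User-Agent header. Assumptions: the special user agent contains the string "Visbot" (the page only gives it as the grep pattern), and the access log uses the combined log format.

```shell
#!/bin/sh
# Added example: defender-side sweep for the Visbot marker.
# MARKER is the string from the grep command above. Assumptions: the special
# user agent contains that string, and the access log is in combined format.
MARKER='Visbot'

# List PHP files under the document root ($1) that contain the marker.
visbot_infected_files() {
    find "$1" -type f -name '*.php' -exec grep -lF -- "$MARKER" {} + 2>/dev/null | sort
}

# Summarise access-log ($1) requests whose User-Agent contains the marker as
# "count client path", most frequent first. Paths that are image files in a
# public folder deserve a closer look, since that is where the data is left.
visbot_agent_hits() {
    awk -F'"' -v m="$MARKER" '
        index($6, m) {
            split($1, pre, " ")      # $1 = client, identity, user, timestamp
            split($2, req, " ")      # $2 = method, path, protocol
            hits[pre[1] " " req[2]]++
        }
        END { for (k in hits) print hits[k], k }
    ' "$1" | sort -k1,1nr -k2
}

# Usage: sh visbot_sweep.sh /my/document/root /path/to/access.log
if [ "$#" -eq 2 ]; then
    echo "PHP files containing $MARKER:"
    visbot_infected_files "$1"
    echo "Requests with $MARKER in the User-Agent:"
    visbot_agent_hits "$2"
fi
```

An empty result from the file search does not prove the store is clean if the injected code has been altered, so compare core files against a known-good copy as well.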

MageReport is a website that provides security audits for Magento sites. Store owners can use it to detect if their store is infected with Visbot.

And here is what the malware’s source code looks like.

To stay on the safe side, keep your Magento patches updated and always use strong passwords.



Anisha Sawant

Women in Tech: She believed she could, so she did.

Be it running marathons, climbing mountains, swimming the deepest seas, leading entire nations or going into outer space – there’s nothing women can’t do. Breaking all barriers and coming out superstars, women all over the world show, on a daily basis, that they are not the weaker sex by any means.

The only constant in technology is change. We’ve moved from computers big enough to fill multiple rooms to devices that are wearable. This advancement has not happened overnight. It has taken time and global effort. From people who think different.

We’ve all heard big names like Bill Gates, Steve Jobs, and Mark Zuckerberg floating around the internet. But it’s not just a man’s world. The times have changed with scores of women killing it on the technical turf.

In honour of Women’s History Month, here’s a look at a few women who have outdone themselves with incredible careers in technology, flying high and in style.

Sheryl Sandberg – COO, Facebook

A Harvard graduate, she started out as a Management Consultant for McKinsey & Company. She went on to fill several important roles, including a stint at the United States Treasury. She then moved to Silicon Valley and joined Google Inc., serving as its Vice President of Global Online Sales and Operations. Sheryl met Mark Zuckerberg at a Christmas party where he thought she was “a perfect fit” and offered her the role of COO at Facebook (even though this was not an open position at the time), where she has been working on making the company more profitable. She is also the first female member of Facebook’s board of directors. Her mom raised her and her sister to believe they could do anything, and they believed her.

Marissa Mayer – CEO, Yahoo

After graduating from Stanford with honours (of course!), Mayer joined Google and became the company’s first female engineer. Her attention to detail helped her up the professional ladder – she went on to become the Vice President of Google Product Search. And somehow, in spite of being pretty, in spite of being a “girl,” Mayer continues to be one of the most respected, well-liked figures in Silicon Valley.

Meg Whitman – CEO, Hewlett Packard

She is a graduate of Princeton University and Harvard Business School. Whitman has had several big names shape her career – she was Vice President of Strategic Planning at The Walt Disney Company, and served as an executive for a whole bunch of others including DreamWorks, Procter & Gamble and Hasbro. She was President and CEO of eBay where she oversaw its expansion from 30 employees and $4 million in annual revenue to more than 15,000 employees and $8 billion in annual revenue. Being a girl didn’t stop her from building an e-Commerce empire. She is currently the CEO at Hewlett Packard Enterprise with a focus on R&D.

Susan Wojcicki – CEO, YouTube

This classy lady had the founders of Google set up office in her garage! Before becoming Google’s first Marketing Manager, she worked with Intel and Bain & Company. Within Google, she grew to become Senior Vice President of Advertising and Commerce. She handled Google’s acquisition of YouTube. She has been described as many wonderful things, including “the most important person in advertising” and “the most powerful woman on the internet” by Time magazine.

Ginni Rometty – Chairwoman, President and CEO, IBM

With a Bachelor’s degree in Computer Science and Electrical Engineering, she went to work for General Motors Institute. She later joined IBM as a Systems Engineer. She is credited with spearheading IBM’s growth strategy by getting the company into cloud computing and analytics for businesses. She has been with IBM for over three decades and has made infinitely valuable contributions to their growth.

Safra Catz – Co-CEO, Oracle

Born in Israel to Jewish parents, she moved to the US at a very young age. She graduated from Harvard Law School and then worked as a banker at Donaldson, Lufkin & Jenrette. After working in investment banking for several years, she entered the tech world where she has been associated with companies like Hyperion Solutions Corp., TechNet and PeopleSoft. She then joined Oracle and is credited for having driven Oracle’s efforts to acquire software rival PeopleSoft in a $10.3 billion takeover. She has been ranked several times as “the most powerful woman in business”.

Ursula Burns – Chairman and CEO, Xerox

She was born in New York to Panamanian immigrants. She got her Master of Science in Mechanical Engineering from Columbia University. She started her career as a summer intern at Xerox. Ursula then went on to become their Chairman and CEO. As such, she is the first black-American CEO to head a Fortune 500 company. She is also the first woman to succeed another woman as head of a Fortune 500 company, having succeeded Anne Mulcahy as CEO of Xerox. She has been listed multiple times by Forbes as one of the 100 most powerful women in the world.

Padmasree Warrior – CEO of U.S., NextEV

Yellepeddi Padmasree was born and raised in the city of Vijayawada in the southern state of Andhra Pradesh, India. She received a Bachelor’s degree in Chemical Engineering from the Indian Institute of Technology, Delhi. She holds a Master’s degree in the same field from Cornell University. She is the former Chief Technology & Strategy Officer (CTO) of Cisco Systems, and the former CTO of Motorola, Inc. She served for over two decades at Motorola. During her tenure as their CTO, Motorola was awarded the National Medal of Technology by the President of the United States, the first time the company had received this honour. Her brilliant career has landed her a spot on several coveted lists including Most Powerful Women and Women Elevating Science and Technology, and she was ranked as the 11th Most Influential Global Indian. She is currently the CEO of U.S. for NextEV, an electric vehicle company, and was called the “Queen of the Electric Car Biz” by Fortune magazine.

Gwynne Shotwell – President and COO, SpaceX

She received a Bachelor of Science and a Master of Science in Mechanical Engineering and Applied Mathematics from Northwestern University. Gwynne originally planned to work in the automotive industry and joined Chrysler Corporation’s management training program but later decided to move to a different area of work. And what’s better than high-end cars, you ask? Rocketships! She joined The Aerospace Corporation where she carried out technical work on military space research and development contracts. Wanting to “build and put spacecraft together” she became the Director of the Space Systems Division at Microcosm Inc., a low-cost rocket builder in El Segundo. She is now President and Chief Operating Officer of SpaceX, a United States corporation providing space transport services to both government and commercial customers.

So there you have it, some of the greatest technical achievers in the world, who also happen to be female. The next time anyone tells you that you can’t do it because you’re a girl, smile at them and then do everything it takes to prove them wrong.

Anisha Sawant