More Open Source Woes: Malware Problem Grows

August 25, 2011

The article, Attack on Open-Source Web App Keeps Growing, on The Register, reports on an alarming attack on the open-source online shopping application, osCommerce. The attack injects malware into the computers of users of the shopping app.

Being open-source, osCommerce is understandably a very popular product for any online vendor. Their own website boasts that over 250,000 shop owners, developers and entrepreneurs utilize their product. With that being the case, Armorize’s bleak report on the number infected with the malware is no surprise. At the time of publication of the article, experts estimated over 8.3 million pages were infected.

The attack is best explained by the article:

Armorize said attackers are exploiting three separate vulnerabilities in the open source store-management application, including one that was discovered last month. Harold Ponce de Leon, the lead developer of osCommerce, said there’s only one vulnerability that’s being exploited, but he admitted that no one on his team has spoken to anyone at Armorize to reconcile the difference of opinion.

This exploitation of open-source software is bad news not only for the open-source community but also for the search industry. The rate at which pages are becoming infected signifies how quickly one unprotected piece of software can infect an entire community.

There is a patch for the problem but unfortunately, as evidenced by the number of infected pages, it is not being applied. Any time an update is available, it is imperative that users download it immediately. If you are using open source, you may have to worry about more than legal hassles. Will this affect Lucene and other open source search solutions? Stay tuned.

Catherine Lamsfuss, August 25, 2011

Sponsored by Pandia.com

Comments

4 Responses to “More Open Source Woes: Malware Problem Grows”

  1. Charlie Hull on August 25th, 2011 3:47 am

    You could just as easily replace ‘open source’ with ‘all software’ in this article. Everything is subject to vulnerabilities – it’s just that with open source you can see, and fix the problem – closed source vulnerabilities first have to be acknowledged by the vendor and then fixed by them – but you can’t check how this has been done of course!

  2. Jules on August 25th, 2011 9:33 am

    Even more Open Source Woes:

    Java 7 Causes Headaches for Lucene and Solr Users

    http://jaxenter.com/java-7-causes-headaches-for-lucene-and-solr-users-37195.html

  3. anuram on August 25th, 2011 12:56 pm

    Malware problems are increasing with all software, not only open source software….

  4. Charlie Hull on August 26th, 2011 8:26 am

    Jules, AFAIK those Java problems have been fixed – and it wasn’t really much of a problem to continue using an earlier Java version until they were…
