More Open Source Woes: Malware Problem Grows
August 25, 2011
The article, Attack on Open-Source Web App Keeps Growing, on The Register, reports of an alarming attack on the open-source online shopping application, osCommerce. The attack injects malware into the computers of users of the shopping app.
Being open-source, osCommerce is understandably a very popular product for any online vendor. There own website boasts that over 250,000 shop owners, developers and entrepreneurs utilize their product. With that being the case, Amorize’s bleak report on the number infected with the malware is no surprise. At the time of publication of the article, experts estimated over 8.3 million pages were infected.
The attack is best explained by the article:
Armorize said attackers are exploiting three separate vulnerabilities in the open source store-management application, including one that was discovered last month. Harold Ponce de Leon, the lead developer of osCommerce, said there’s only one vulnerability that’s being exploited, but he admitted that no one on his team has spoken to anyone at Armorize to reconcile the difference of opinion.
This exploitation of open-source software is bad news for not only the open-source community, but also the search industry as well. The rate at which pages are becoming infected signifies how quickly one unprotected piece of software can infect an entire community.
There is a patch for the problem but unfortunately, as evidenced by the number of infected, it is not being applied. Anytime an update is available, it is imperative that users download it immediately. If you are using open source, you may have to worry about more than legal hassles. Will this affect Lucene and other open source search solutions? Stay tuned.
Catherine Lamsfuss, August 25, 2011
Sponsored by Pandia.com
Comments
4 Responses to “More Open Source Woes: Malware Problem Grows”
You could just as easily replace ‘open source’ with ‘all software’ in this article. Everything is subject to vulnerabilities – it’s just that with open source you can see, and fix the problem – closed source vulnerabilities first have to be acknowledged by the vendor and then fixed by them – but you can’t check how this has been done of course!
Even more open Source Woes:
Java 7 Causes Headaches for Lucene and Solr Users
http://jaxenter.com/java-7-causes-headaches-for-lucene-and-solr-users-37195.html
Malware Problem are increasing with all softwares not only open source software….
Jules, AFAIK those Java problems have been fixed – and it wasn’t really much of a problem to continue using an earlier Java version until they were…