Visbot is credit card skimming malware. It is not a new type of malware, but a scan by Magento discovered some recent infections. Magento will be reaching out to all affected Enterprise customers, and to Community customers for whom they have contact information.
The following is recommended for all store owners:
- Magereport.com provides insight into your security status; you can use this free service to check your site.
- If the scan confirms your site has been impacted by malware, follow the site remediation steps together with your web developer to clean your site.
- Address all issues discovered by the Magereport.com scan. My Account contains all Enterprise Edition patches, and Community Edition patches are posted on the Community Edition download page under the Release Archive tab.
- Protect yourself from brute-force password guessing, which is on the rise against sites that have all the security patches in place.
- Magento Security Best Practices will further protect your site.
- If you are an advanced user, use malware discovery rules to detect specific infected files on your site.
It is important to thoroughly clean infected sites. The harmful code can live in a number of places, such as payment template files, core files, or full-access shells located in various directories. If any code or unrecognized admin accounts are left behind, the malicious code may be reinserted after cleanup. Attackers often hack sites that:
- Do not have up-to-date security patches
- Use vulnerable versions of extensions like Magmi or WebForms
- Are not cleaned properly after a malware attack, allowing leftover code to reinsert malicious code after cleanup
- Have open admin, downloader, and RSS URLs without protection against password guessing
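To check whether the admin, downloader, and RSS URLs mentioned above are being hit by password guessing, the following added example (not part of the original advisory or of Magento's tooling) counts login attempts per client IP in a web server access log. The path prefixes, the combined log format, the threshold and window, and the sample log lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed default paths; change "/admin" if the store uses a custom admin front name.
GUARDED_PREFIXES = ("/admin", "/downloader", "/rss")

# Common/combined access log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def is_login_attempt(method, path, status):
    """True for a POST to a guarded path, or a 401 (failed HTTP auth) on one."""
    path = path.split("?", 1)[0].lower()
    if path.startswith("/index.php/"):          # /index.php/admin style URLs
        path = path[len("/index.php"):]
    guarded = any(path == p or path.startswith(p + "/") for p in GUARDED_PREFIXES)
    return guarded and (method == "POST" or status == 401)

def find_guessing_sources(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: peak attempts seen inside one window} for IPs reaching threshold.
    Expects lines in chronological order, as a web server writes them."""
    recent, peaks = defaultdict(deque), {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_login_attempt(m["method"], m["path"], int(m["status"])):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:                # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = (
    [f'203.0.113.7 - - [10/Jan/2017:03:14:{s:02d} +0000] '
     f'"POST /index.php/admin/ HTTP/1.1" 200 1834' for s in range(6)]
    + [f'192.0.2.9 - - [10/Jan/2017:03:20:{s:02d} +0000] '
       f'"GET /rss/order/new HTTP/1.1" 401 381' for s in range(0, 50, 10)]
    + ['198.51.100.2 - - [10/Jan/2017:09:00:01 +0000] "POST /admin HTTP/1.1" 302 0',
       '198.51.100.2 - - [10/Jan/2017:09:00:05 +0000] '
       '"POST /checkout/onepage/saveOrder/ HTTP/1.1" 200 512'])

if __name__ == "__main__":
    for ip, peak in sorted(find_guessing_sources(SAMPLE_LOG).items()):
        print(f"{ip}: {peak} login attempts within one minute")
```

A single admin login and ordinary checkout POSTs stay below the threshold, so only sources that repeat attempts against the guarded paths are reported.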
Implementing best practices is critical for long-term security, and we strongly recommend reaching out to your developer to address these issues. If you need any assistance, you can reach us either by filling out our contact us form, emailing us at [email protected], or calling us directly at 216-586-6656.