Magento Sites Targeted By Gurusincsite Infection

Guruincsite is a website that is listed as suspicious site that may harm your Magento site on visiting it. According to Google, Guruincsite has hosted malicious software that infected about 7824 domain(s) and these infected websites are currently blacklisted. The hackers are using “Guruincsite[.]com” to massively target Magento sites by injecting malicious scripts which create iframes from this site.

There are two adaptations of it. The first script is not confusing:

But, the second script is unclear:

The script, which is unclear or confusing, injects the iframe – “hxxp://guruincsite[.]com/2.php”.

The malicious script is generally injected into the design/footer/absolute_footer entry of the core_config_data table. However, it is wise to scan the complete database for the code similar to “function LCWEHH(XHFER1){XHFER1=XHFER1” or the “Guruincsite” domain name.

Some vulnerability in Magento sites or one of the third-party Magento extensions – are the main causes that permitted “Guruincsite” to target such thousands of websites within just a short period of time. Furthermore, this vulnerability provides hackers with an ability to easily access your database and make a malicious admin user. Currently there is no statement from Magento on this but we will be updating as we proceed on this so keep an eye on the blog. We will be posting more blogs for resolutions as we see a reply coming from Magento on this topic.

Blog Credit: https://blog.sucuri.net/2015/10/massive-magento-guruincsite-infection.html