, , ,

Visbot Malware- a Vital Threat to Magento based Online Stores

Attention! All the Magento users, the websites or Online Stores are often hit by a Malware named Visbot. It hides on web servers & steals credit card information then it will encrypt it, hide it inside an image and then it will send the encrypted credit card data to a crook’s servers thereafter.
Visbot was first discovered in late March 2015 by SnapFast, a hosting company. The malware has managed to keep a low profile because it is difficult to detect Visbot infections, and not many site owners have been successful in detecting anything wrong in the first place.
Visbot uses steganography to steal data
The encrypted data that is hidden inside an image file is done using a technique known as steganography, the technique to hide text-based data inside the image files. Visbot will then leave that image in some site’s public folders, and then the malware author will get access to those files at regular intervals from that folder. This is how they manage to hide from the eyes of the protectors.

Visbot usually hides stolen credit card data in an image with names that are mentioned below:
Bkg_btn-close2_bg.gif
btn_back_bg_bg.gif
btn_cancel_bg_bg.gif
left_button_back.gif
mage.jpg
nav1_off_bg.gif
notice-msg_bg.png
section_menu_link_bg_bg.gif
sort-arrow-down_bg.png

The Visbot author holds a private encryption key and when that key is combined with the public key, the author can then easily decrypt the data.
How to detect sites infected with Visbot?
Willem de Groot a security analyst for Byte.nl, the malware has an Achille’s heel. The site owners can detect Visbot by running the following Linux command:
“curl -LH ‘User-Agent: Visbot/2.0 (+http://www.visvo.com/en/webmasters.jsp;bot@visvo.com)’ \ http://your-site.com”
Or you can visit MageReport, a website that provides complete security checks for Magento based sites. Those who can’t access a Linux terminal can use MageReport to detect if their store is infected with Visbot or not.

Till now, there were 6,691 Magento stores infected with Visbot threat. The affected store owners are now being contacted.
Visbot can infect your website when a hacker gains access to the store, either by brute-forcing connections or by taking advantage of vulnerabilities built in unpatched websites. Thus, we advise all our clients to keep their Magento store up to date and also suggest to use strong passwords to avoid infections like Visbot or other credit card stealers.

,

5 Steps to make the Best out of the Magento Meetups

Magento meet ups are always informational as well as it is a great opportunity for developers and other concerned parties to connect with each other. There are a lot of things to do and learn at these events,follow the blow mentioned steps to make the best out of a Magento Event.

  • Have Clear Agenda

It is important to know your goals before attending an event. Here are the few ways to do this:

1) Look at the agenda of the events and list out the “can’t miss” sessions.

2) Find out with whom you’d like to connect.

3) Identify that one thing you’d want to have a greater knowledge of. Ask yourself questions like what do you want to learn? What will make you feel that the event was worth your time?

  • Kick Start a Conversation with People

The connections that you make at these events are invaluable for moving yourself as well as your business forward. Take the initiative and Magento community will be the most welcoming and friendly bunch you will ever find, so walk up to people you would like to meet and introduce yourself and get their contact information for post-event connection via Twitter, email, or something else.

  • Write Down Vital Takeaways

Take a notebook to every meeting and event or type notes on your phone. The reason to do so is to concentrate on the takeaways that matter the most. Once you take notes, try to convert them into action steps.

  • Share With Your Team

Share your knowledge with your team via Slack or an internal meet up in your office. It is important as your learnings can help them as well as help you to decide how you can use the knowledge in the best possible manner.

  • Apply What You Learn

The best thing that you can do is to make a strategy for each key takeaway to make it relevant, realistic and refined for you and your team as well as your current and future project? The steps to do that are as follows:

  • What can I apply now?
  • What can I apply to my next project?
  • What can I start applying next year?

Thus, above were the 5 Steps to make the Best out of the Magento Meetups.