Magento sites being targeted by Guruincsite malware (Neutrino exploit kit)

Announcement from Magento:

We are investigating reports of Magento sites being targeted by Guruincsite malware (Neutrino exploit kit). We have not identified a new attack vector at this time, but have found that nearly all impacted sites tested so far were vulnerable to a previously identified code execution issue for which we released a patch in early 2015; sites not vulnerable to that issue show other unpatched issues. The malware can also take advantage of situations where an administrative account has been compromised through weak passwords, phishing, or any other unpatched vulnerability that allows for administrative access, so it is important to check for fake user accounts and for leftover demo accounts.

With the exception of a few identified Magento Enterprise Edition merchants, we have not found any other Enterprise clients that have been affected. Magento Security & Support Teams are actively working with those merchants to address the issue. We have posted full instructions for our Magento Community sites to identify and fix the issue and will continue to drive awareness across the Magento ecosystem to the importance of taking all precautions and implementing rigorous security measures.

If you need any assistance with security patch updates, please send an email to:
support@eboundhost.com

Tom P October 21, 2015