E-commerce sites on OS Commerce platform get infected with malware

In the course of a mass iFrame injection attack, nearly 100,000 web pages for e-commerce sites on the open source OS Commerce platform were compromised with malware, reports security firm Armorize.

The attacks appear to come from Ukraine, and they aim to infect the websites with malware in order to attack visitors to these e-commerce sites, says Wayne Huang, chief technology officer at Armorize.

According to Huang, the attacks, while not uncommon, are notable in that they use a mass-injection type of attack reminiscent of attacks that were carried out at high frequency about three years ago but are not as common today.

Huang notes that hackers "may be leveraging a known vulnerability" in the open-source software. He says that attackers tend to lurk and watch for any information that is shared publicly about newly found vulnerabilities in software. He notes that OS Commerce is a popular open-source foundation for an e-commerce site, which is then given a different "look and feel" through various templates that are typically sold. He notes that some of the customization this brings may be hard to upgrade because it is sometimes "hardcoded."